[Linux-ima-devel] [PATCH 0/7] IMA: new parser for ima_restore_measurement_list()
Ken Goldman
kgold at linux.vnet.ibm.com
Tue May 23 20:48:44 UTC 2017
On 5/18/2017 5:38 AM, Roberto Sassu wrote:
> On 5/17/2017 6:28 PM, Ken Goldman wrote:
>> On 5/17/2017 3:25 AM, Roberto Sassu wrote:
>>>
>>> The format of digestN is: <algo name>:\0<digest value>, the same used
>>> for the file digest.
>>
>> Since the format is changing from the SHA-1 log format anyway ...
>>
>> How do people feel about the colon and null terminated string format for
>> algorithm identifiers?
>>
>> The TCG standard enumerations are uint16_t, and there is a registry of
>> hash algorithms.
>>
>> As a consuming parser, it feels nice to know it's always 2 bytes and not
>> have to worry about a missing colon or a missing nul terminator risking
>> a buffer overflow.
>
> There cannot be buffer overflow, because the length of each digest
> field is known.
>
> Roberto
>
I was not referring to the digest, but the digest algorithm.
I wanted opinions on the colon and null terminated string format for
algorithm identifiers.
The TCG standard log uses the TCG standard enumerations. They're always
exactly 2 bytes. Parsing is trivial.
If IMA uses strings, the attacker can send, e.g., sha1: and not null
terminate it. A careful parser can go a byte at a time until it reaches
a maximum length - if you specify a maximum length. But it is an attack
surface. Is there a corresponding advantage?
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list