[PATCH v3 0/2] ima/evm fixes for v5.2

Janne Karhunen janne.karhunen at gmail.com
Wed Jun 12 11:28:30 UTC 2019


On Thu, Jun 6, 2019 at 3:27 PM Roberto Sassu <roberto.sassu at huawei.com> wrote:
>
> Previous versions included the patch 'ima: don't ignore INTEGRITY_UNKNOWN
> EVM status'. However, I realized that this patch cannot be accepted alone
> because IMA-Appraisal would deny access to new files created during the
> boot.

The early initialization logic seems to have been changing, the
original one as I have understood it:
- before initialization
  - allow reading anything without security.ima
  - deny reading anything with security.ima
  - allow all writes
- after initialization
  - deny reading|writing anything without security.ima
  - deny reading|writing anything invalid
  - allow everything else

The logic is pretty handy as it even creates an additional layer of
security around the early initialization files as they become
unreadable after use.

Now, if we initialize the system with a random key like in your patch,
this logic is to change quite drastically? It sounds to me the
userland may actually break, all the userland initialization files in
the existing ima configurations that do not use digsigs would become
unreadable given that the random key is put in? Remember, those files
can be protected via other means (most commonly signed ramdisk).


--
Janne