[PATCH 1/2] ima: define ima_trusted_for hook

Mimi Zohar zohar at linux.ibm.com
Wed Oct 13 14:34:49 UTC 2021


On Wed, 2021-10-13 at 07:01 -0400, Mimi Zohar wrote:
> A major interpreter integrity gap exists which allows files read by
> the interpreter to be executed without measuring the file or verifying
> the file's signature.
> 
> The kernel has no knowledge about the file being read by the interpreter.
> Only the interpreter knows the context(eg. data, execute) and must be
> trusted to provide that information accurately.
> 
> To close this integrity gap, define an ima_trusted_for hook to allow
> IMA to measure the file and verify the file's signature based on policy.
> 
> Sample policy rules:
> 	measure func=TRUSTED_FOR_CHECK
> 	appraise func=TRUSTED_FOR_CHECK

To require file signatures, the policy rule should be:
	appraise func=TRUSTED_FOR_CHECK appraise_type=imasig
> 
> Signed-off-by: Mimi Zohar <zohar at linux.ibm.com>



More information about the Linux-security-module-archive mailing list