[dm-devel] [PATCH v6 0/8] IMA: support for measuring kernel integrity critical data
Pavel Machek
pavel at ucw.cz
Mon Nov 23 17:18:00 UTC 2020
Hi!
> > > >How is it supposed to be useful?
> > > >
> > > >I'm pretty sure there are critical data that are not measured by
> > > >proposed module... and that are written under normal circumstances.
> > > >
> > > The goal of this series is to introduce the IMA hook
> > > measure_critical_data() and the necessary policies to use it; and
> > > illustrate that use with one example (SELinux). It is not scalable to
> > > identify and update all the critical data sources to use the proposed
> > > module at once.
> > >
> > > A piecemeal approach to add more critical data measurement in subsequent
> > > patches would be easy to implement and review.
> >
> > Basically every other data structure in kernel is "critical" by your
> > definition, and you can't really measure them all; some of them change
> > rather often. Going piecemeal does not really help here.
>
> Agreed, measuring data structures that change is not really applicable.
> However, measuring data structures that once initialized don't change,
> does make sense (similar concept to __ro_after_init). The attestation
> server doesn't need to know anything about the measurement, other than
> more than a single measurement is indicative of a problem.
So, why not simply measure everything that is ro_after_init?
But... I really fail to see how this is useful. It is trivial to
"backdoor" kernel w/o modifying anything that is
ro_after_init. (Example: page tables).
Pavel
--
http://www.livejournal.com/~pavelmachek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/dm-devel/attachments/20201123/a6c0460a/attachment.sig>
More information about the dm-devel
mailing list