Hi

On Wed, Sep 28, 2011 at 8:16 PM, Andreas Dilger [off-list ref] wrote:

On 2011-09-28, at 9:19 AM, "Kasatkin, Dmitry" [off-list ref] wrote:

quoted

I work on integrity protection subsystem IMA/EVM (linux/security/integrity).
The target is to protect against offline modifications.
Using block re-mapping I was able to implement simple attack which
allows to circumvent IMA integrity verification.
In order to prevent this kind of attack, it is necessary to run fsck every boot.

I want to know if there is a better way to prevent such attacks...

There is work currently being done to add checksums for detecting filesystem corruption (see list archive). However, if the attacker can binary edit the underlying disk device then they can also edit the checksums (crc32c) at the same time.

The only secure way to handle this would be a crypto checksum with a secret key.

This something came to my mind after reading previous sentence about crc32c...

At that point you may as well just use a whole crypto/backed filesystem?

Yes... I know...

Thanks!

- Dmitry

Cheers, Andreas--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html