Re: [PATCH v1 1/2] ima: fail signature verification on untrusted filesystems

From: Eric W. Biederman <hidden>
Date: 2018-02-27 02:13:28
Also in: linux-fsdevel, linux-security-module

Mimi Zohar [off-list ref] writes:

> On Wed, 2018-02-21 at 17:12 -0600, Eric W. Biederman wrote:
>> As I understand the second scenario SB_I_IMA_UNVERIFIABLE_SIGNATURES
>> is set, which implies that the filesystem is lacking something for IMA
>> to reliably know when a file has changed.  AKA a technical deficiency.
>>
>> The fourth scenario is the case when SB_I_IMA_UNVERIFIABLE_SIGNATURES
>> can legitimately be cleared, because the filesystem provides all
>> of the necessary support for IMA to reliably know when a file has
>> changed.
>
> The information might be there, but IMA currently detects a file
> change and resets the flags only when the last writer calls
> __fput().  Any other time, new support would be needed.

My point was only that for local NTFS or local exFAT with a quality
and trusted fuse implementation they should be as safe in this regard
as any other filesystem.   So in theory we could have fuse implementing
this level of filesystem as well.  Not that I suggest we try for that
out of the gate.

Thank you very much for the clarification about the last fput; that helps
me understand SB_I_IMA_UNVERIFIABLE_SIGNATURES much better.

Eric