Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261220AbVEWX6j (ORCPT ); Mon, 23 May 2005 19:58:39 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261218AbVEWX5y (ORCPT ); Mon, 23 May 2005 19:57:54 -0400 Received: from gprs189-60.eurotel.cz ([160.218.189.60]:920 "EHLO amd.ucw.cz") by vger.kernel.org with ESMTP id S261199AbVEWXpY (ORCPT ); Mon, 23 May 2005 19:45:24 -0400 Date: Tue, 24 May 2005 01:44:54 +0200 From: Pavel Machek To: Reiner Sailer Cc: Valdis.Kletnieks@vt.edu, James Morris , Toml@us.ibm.com, linux-security-module@wirex.com, linux-kernel@vger.kernel.org, Emilyr@us.ibm.com, Kylene@us.ibm.com Subject: Re: [PATCH 2 of 4] ima: related Makefile compile order change and Readme Message-ID: <20050523234454.GB1940@elf.ucw.cz> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Warning: Reading this can be dangerous to your mental health. User-Agent: Mutt/1.5.9i Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1953 Lines: 57 Hi! > > Actually, you "could" also cat /proc files, then verify the signature > > by hand (using pen and paper :-). > > Theoretically, yes. The signature is 2048bit and to validate the signed > aggregate requires recursively applying SHA1 over all measurements. :-) > > It seems to me that the mechanism is sound... it does what the docs > > says. Another questions is "is it usefull"? > We implemented some exemplary IMA-applications. If you like, visit our > project page and check out the references: > http://www.research.ibm.com/secure_systems_department/projects/tcglinux/ > There you also find a complete measurement list and a response of a measured > system replying to an authorized remote measurement-list-request. To make this usefull, you need to: * have TPM chip * modify all the interpreters * modify all the programs that security-relevant config files. I.e. if there's /etc/keylogger.conf with default # No keyboard logging enabled and attacker changes it to do_log_keys_to_remote evil.com ... you need that config file to be hashed. * remove all the buffer overflows. I.e. if grub contains buffer overflow in parsing menu.conf... that is not a security hole (as of now) because only administrator can modify menu.conf. With IMA enabled, it would make your certification useless... [probably something more]. ...seems to me you need to do quite a lot of work to make this usefull... [And now, remote-buffer-overrun in inetd probably breaks your attestation, no? I'll just load my evil code over the network, without changing any on-disk executables, then install my evil rootkit into kernel by writing into /dev/kmem. How do you prevent that one?] Pavel - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/