Subject: Re: [PATCH v2 0/3] initramfs: add support for xattrs in the initial ram disk
To: Mimi Zohar, Roberto Sassu, viro@zeniv.linux.org.uk
Cc: linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, initramfs@vger.kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, zohar@linux.vnet.ibm.com, silviu.vlasceanu@huawei.com, dmitry.kasatkin@huawei.com, takondra@cisco.com, kamensky@cisco.com, hpa@zytor.com, arnd@arndb.de, james.w.mcmechan@gmail.com
References: <20190509112420.15671-1-roberto.sassu@huawei.com> <1557488971.10635.102.camel@linux.ibm.com>
From: Rob Landley
Message-ID: <3a9d717e-0e12-9d62-a3cf-afb7a5dbf166@landley.net>
Date: Fri, 10 May 2019 15:46:30 -0500
In-Reply-To: <1557488971.10635.102.camel@linux.ibm.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 5/10/19 6:49 AM, Mimi Zohar wrote:
> On Fri, 2019-05-10 at 08:56 +0200, Roberto Sassu wrote:
>> On 5/9/2019 8:34 PM, Rob Landley wrote:
>>> On 5/9/19 6:24 AM, Roberto Sassu wrote:
>
>>>> The difference with another proposal
>>>> (https://lore.kernel.org/patchwork/cover/888071/) is that xattrs can be
>>>> included in an image without changing the image format, as opposed to
>>>> defining a new one. As seen from the discussion, if a new format has to be
>>>> defined, it should fix the issues of the existing format, which requires
>>>> more time.
>>>
>>> So you've explicitly chosen _not_ to address Y2038 while you're there.
>>
>> Can you be more specific?
>
> Right, this patch set avoids incrementing the CPIO magic number and
> the resulting changes required (eg. increasing the timestamp field
> size), by including a file with the security xattrs in the CPIO.  In
> either case, including the security xattrs in the initramfs header or
> as a separate file, the initramfs, itself, needs to be signed.

The /init binary in the initramfs runs as root and launches all other processes
on the system. Presumably it can write any xattrs it wants to, and doesn't need
any extra permissions granted to it to do so.

But as soon as you start putting xattrs on _other_ files within the initramfs
that are _not_ necessarily running as PID 1, _that's_ when the need to sign the
initramfs comes in?

Presumably the signing occurs on the gzipped file. How does that affect the cpio
parsing _after_ it's decompressed? Why would that be part of _this_ patch?

Rob
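The format constraint the thread is arguing about (the "newc" cpio header that the patch set leaves unchanged: magic 070701 followed by thirteen 8-hex-digit fields, so mtime cannot exceed 0xFFFFFFFF without a new magic and a wider field) is easiest to see in code. The following is an added illustration, not code from the thread or from the patch set; the `mtime_fits` check and the sample entries are my own construction.

```python
# Minimal builder/parser for SVR4 "newc" cpio entries (the initramfs format).
# Header: 6-byte magic "070701" + 13 fields of 8 hex digits = 110 bytes,
# then the NUL-terminated name, padded so header+name is a multiple of 4,
# then the file data, padded to a multiple of 4.
NEWC_MAGIC = b"070701"
FIELDS = ("ino", "mode", "uid", "gid", "nlink", "mtime", "filesize",
          "devmajor", "devminor", "rdevmajor", "rdevminor", "namesize", "check")
HDR_LEN = 110
MTIME_MAX = 0xFFFFFFFF  # largest value an 8-hex-digit field can carry


def _pad4(n: int) -> int:
    return (-n) % 4


def mtime_fits(ts: int) -> bool:
    """True if a timestamp is representable in the fixed-width newc field."""
    return 0 <= ts <= MTIME_MAX


def build_entry(name: str, data: bytes, mtime: int, mode: int = 0o100644) -> bytes:
    if not mtime_fits(mtime):
        raise ValueError("mtime does not fit the 8-hex-digit newc field")
    name_b = name.encode() + b"\0"
    vals = dict(ino=0, mode=mode, uid=0, gid=0, nlink=1, mtime=mtime,
                filesize=len(data), devmajor=0, devminor=0, rdevmajor=0,
                rdevminor=0, namesize=len(name_b), check=0)
    hdr = NEWC_MAGIC + b"".join(b"%08x" % vals[f] for f in FIELDS)
    hdr += name_b + b"\0" * _pad4(HDR_LEN + len(name_b))
    return hdr + data + b"\0" * _pad4(len(data))


def build_archive(entries) -> bytes:
    """entries: iterable of (name, data, mtime); appends the TRAILER!!! record."""
    body = b"".join(build_entry(n, d, m) for n, d, m in entries)
    return body + build_entry("TRAILER!!!", b"", 0)


def parse_archive(buf: bytes):
    """Walk the archive and return [(name, data, mtime), ...] up to the trailer."""
    out, off = [], 0
    while True:
        if buf[off:off + 6] != NEWC_MAGIC:
            raise ValueError("bad newc magic at offset %d" % off)
        vals = {f: int(buf[off + 6 + 8 * i:off + 14 + 8 * i], 16)
                for i, f in enumerate(FIELDS)}
        name_start = off + HDR_LEN
        name = buf[name_start:name_start + vals["namesize"] - 1].decode()
        data_start = name_start + vals["namesize"] + _pad4(HDR_LEN + vals["namesize"])
        data = buf[data_start:data_start + vals["filesize"]]
        off = data_start + vals["filesize"] + _pad4(vals["filesize"])
        if name == "TRAILER!!!":
            return out
        out.append((name, data, vals["mtime"]))
```

Timestamps are the field the thread singles out; any scheme that keeps the 070701 magic inherits the same 32-bit cap for every header field, which is why widening it means a new magic number.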