Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp6524235yba; Tue, 14 May 2019 08:59:08 -0700 (PDT) X-Google-Smtp-Source: APXvYqxD8yXmcYLuRjRQB7id7mzPQkrzQ2t0u8Jof5tGEcvX4ZCLXk5ikEZaNoiwldOGNmuW2d+I X-Received: by 2002:a63:117:: with SMTP id 23mr38269370pgb.34.1557849548347; Tue, 14 May 2019 08:59:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557849548; cv=none; d=google.com; s=arc-20160816; b=MzAC3WTYLRf4JWs/Ia+82Qt8wFqysRd6IJhnOI6BWGtUUZPfjke09qKOud98WTrkus NJsBS6SspJF8IruPivO4YUjXJZoikf+ejKqrywGXkocwG+woRcorFshWpQcmg8F/whXe wn5F3IPL9QMxOhLYobaDElSkI+xRjCVH0+3fhHHB1+D6Rbjb5WjUA4L7bJ7moHRYf2bi +DX5IFtT/cZkfn+6Z0zSHC4y3SPeL1YT+EZydBN9O2hMykfd56oW1DFK3XoXLMeYTwL8 LfeCiALcLGml9nggxiU/B1P1JgA0nVDNUxTqBKYuHLDfcbbf1vJkFfdPviqGUAIWFOR+ e+VA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:date:from:dkim-signature; bh=09KkEvxVufpT7/jHfQWIW8S/OLgTGQRQAFAad5Q891g=; b=ES+Ec+6C8ar1Ofam5n9H4YLPic48W8HJK42C9wSIc3Bool5FY5/hLARFU8GQJf6SQi Ybzw52kRSo4BC2QLUXHQSM9oRVqXRYaGfnTis+ecGqowsRL3/J8iDu9yADjy0SidTDGr cTTYWh+hyk67apEbEkSAfOT+hYSLcZpYKpyB92vkeeKheSkcrzHYKFBeJOwS7B+p6z+e ibsDK2RhVCN3xHRFtyEC24MB1j80u8d3vAuPGZz+8NTdcFkO/uvDclP5An/SgImmzcHe djZ6EEUbmsNSDXDHss9jbWybqLJhbjpnp4fJ/jcHW9478z32o6Hh9u/W3fyiXVkw8E3S /r6A== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=evnybUqQ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x201si21466728pgx.381.2019.05.14.08.58.52; Tue, 14 May 2019 08:59:08 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=evnybUqQ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726190AbfENP5p (ORCPT + 99 others); Tue, 14 May 2019 11:57:45 -0400 Received: from mail-qt1-f195.google.com ([209.85.160.195]:35342 "EHLO mail-qt1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725901AbfENP5o (ORCPT ); Tue, 14 May 2019 11:57:44 -0400 Received: by mail-qt1-f195.google.com with SMTP id a39so18794815qtk.2; Tue, 14 May 2019 08:57:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:date:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=09KkEvxVufpT7/jHfQWIW8S/OLgTGQRQAFAad5Q891g=; b=evnybUqQSO3rMlm+kFqEQEIAfI3v4IqgwamNZvPOEyI9wfLiDbsuEeXduuT3enU+/D iPaHuAred/MDyZUVZgr18lqhCz/SufyYY000qM22MZZpH/JuvqIujY2M3yfpedzXDH1V CUXWUf5xY8etjU/g1epN4mmTh3W4L8h/GZxe9kMxCB+tU9kx3BuiIFMLWZKDu/wPTnz8 9a8FfvgxAFTFjGiycvXhLWDMbsBwaoxZL30QEkdUA3OmNl0+6lT6Rw7OMCoCN1pOTlgF ssx2GCz1BmDg4+bJTTtQQmXXFK59NTym2BDk+1SRu1kUafbPyfP5tvlJWv1n1Itxr6C/ JP6w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:date:to:cc:subject:message-id :references:mime-version:content-disposition:in-reply-to:user-agent; bh=09KkEvxVufpT7/jHfQWIW8S/OLgTGQRQAFAad5Q891g=; b=S2byZtGVafs/kmyA/gfG2qs2Gb7KxcpxbQDROWdY+zcthmmD+o7paCXK1eund8cDV9 K9nUE619axorpLC7rZpYqTFXE/HGVMFnxvjnlORKjgra+pQSPUbzwWFAkyEyp2J4PtIZ M4pvfrTXiiPql0qxmJNtA8UjRSRIIZr/W82Bn2D92yjsaKVtYFPdmAN8EvIaXV6b04pu 7L/oLp6PkIhDqWfw2TqtqnFIA43cearEXadL67LHgRuBtc4NfdXSmgX8ELiZXxj4Rpn5 4iXyP5LHImWE4CXrXIhOphrbOnMGAeiKNXDRSRNnnHDQWxPmYevUt2U0i4Ox08Is2Y6i PYFQ== X-Gm-Message-State: APjAAAWQWSTvqYivORFI3EPkUudlOGLhiwJC+jys8l6RSrIt1dv1eT6N M9bjxSn38zE/XwUO8310JsE= X-Received: by 2002:a0c:b92f:: with SMTP id u47mr19802185qvf.94.1557849462769; Tue, 14 May 2019 08:57:42 -0700 (PDT) Received: from rani.riverdale.lan ([2001:470:1f07:5f3::b55f]) by smtp.gmail.com with ESMTPSA id p37sm14130553qtj.90.2019.05.14.08.57.41 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 14 May 2019 08:57:42 -0700 (PDT) From: Arvind Sankar X-Google-Original-From: Arvind Sankar Date: Tue, 14 May 2019 11:57:40 -0400 To: Roberto Sassu Cc: Rob Landley , Arvind Sankar , linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-integrity@vger.kernel.org, initramfs@vger.kernel.org Subject: Re: [PATCH v2 0/3] initramfs: add support for xattrs in the initial ram disk Message-ID: <20190514155739.GA70223@rani.riverdale.lan> References: <20190512194322.GA71658@rani.riverdale.lan> <3fe0e74b-19ca-6081-3afe-e05921b1bfe6@huawei.com> <4f522e28-29c8-5930-5d90-e0086b503613@landley.net> <49965ffd-dd57-ffe5-4a2f-73cdfb387848@landley.net> <20190514152704.GB37109@rani.riverdale.lan> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20190514152704.GB37109@rani.riverdale.lan> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, May 14, 2019 at 11:27:04AM -0400, Arvind Sankar wrote: > It's also much easier to change/customize it for the end > system's requirements rather than setting the process in stone by > putting it inside the kernel. As an example, if you allow unverified external initramfs, it seems to me that it can try to play games that wouldn't be prevented by the in-kernel code: setup /dev in a weird way to try to trick /init, or more easily, replace /init by /bin/sh so you get a shell prompt while only the initramfs is loaded. It's easy to imagine that a system would want to lock itself down to prevent abuses like this. So you might already want an embedded initramfs that can be trusted and that can't be overwritten by an external one even outside the security.ima stuff.