Message-ID: <1588864628.5685.78.camel@linux.ibm.com>
Subject: Re: [RFC][PATCH 1/3] evm: Move hooks outside LSM infrastructure
From: Mimi Zohar
To: Roberto Sassu, david.safford@gmail.com, viro@zeniv.linux.org.uk, jmorris@namei.org, John Johansen
Cc: linux-fsdevel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, Silviu Vlasceanu
Date: Thu, 07 May 2020 11:17:08 -0400
References: <20200429073935.11913-1-roberto.sassu@huawei.com> <1588794293.4624.21.camel@linux.ibm.com> <1588799408.4624.28.camel@linux.ibm.com>
On Thu, 2020-05-07 at 07:53 +0000, Roberto Sassu wrote:
> > -----Original Message-----
> > From: Mimi Zohar [mailto:zohar@linux.ibm.com]
> > Sent: Wednesday, May 6, 2020 11:10 PM
> > To: Roberto Sassu ; david.safford@gmail.com; viro@zeniv.linux.org.uk; jmorris@namei.org; John Johansen
> > Cc: linux-fsdevel@vger.kernel.org; linux-integrity@vger.kernel.org; linux-security-module@vger.kernel.org; linux-kernel@vger.kernel.org; Silviu Vlasceanu
> > Subject: Re: [RFC][PATCH 1/3] evm: Move hooks outside LSM infrastructure

Roberto, please fix your mailer or at least manually remove this sort of info from the email.

> > On Wed, 2020-05-06 at 15:44 -0400, Mimi Zohar wrote:
> > > Since copying the EVM HMAC or original signature isn't applicable, I
> > > would prefer exploring an EVM portable and immutable signature only
> > > solution.
> >
> > To prevent copying the EVM xattr, we added "security.evm" to
> > /etc/xattr.conf.  To support copying just the EVM portable and
> > immutable signatures will require a different solution.
>
> This patch set removes the need for ignoring security.evm. It can always be
> copied, even if it is an HMAC. EVM will update it only when verification in
> the pre hook is successful. Combined with the ability of protecting a subset
> of files without introducing an EVM policy, these advantages seem to
> outweigh the effort necessary to make the switch.

As the EVM file HMAC and original signature contain inode-specific information (e.g. i_version, i_generation), these xattrs cannot ever be copied.  The proposed change is in order to support just the new EVM signatures.

At least IMA file hashes should always be used in conjunction with EVM.
EVM xattrs should always require a security.ima xattr to bind the file metadata to the file data.  The IMA and EVM policies really need to be in sync.

Mimi
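As an added illustration (not code from this thread or from the kernel), a small Python model of the two points made above: why security.evm is listed as "skip" in /etc/xattr.conf, and why only a portable signature could ever travel with a copied file while an HMAC or original signature cannot. It assumes the "pattern action" line format of libattr's xattr.conf; the type-byte constants are those of the kernel's enum evm_ima_xattr_type, and the config text and xattr values are constructed samples.

```python
import fnmatch
from typing import Dict, Tuple

# Type byte at the start of a security.evm value, from the kernel's
# enum evm_ima_xattr_type (security/integrity/integrity.h).
EVM_XATTR_HMAC = 0x02
EVM_IMA_XATTR_DIGSIG = 0x03
EVM_XATTR_PORTABLE_DIGSIG = 0x05


def xattr_action(name: str, conf_text: str) -> str:
    """Resolve an xattr name against xattr.conf-style 'pattern action'
    lines (first match wins, '#' starts a comment). Unmatched names are
    reported as 'copy': without a 'skip' entry, an inode-bound HMAC
    would be copied verbatim onto a new inode and fail to verify."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        pattern, action = line.split()
        if fnmatch.fnmatchcase(name, pattern):
            return action
    return "copy"


def evm_copyable(xattrs: Dict[str, bytes]) -> Tuple[bool, str]:
    """Decide whether the security.evm value in this xattr set may travel
    with a copy of the file. An HMAC or original signature covers
    inode-specific fields (i_version, i_generation), so it is valid only
    on the inode it was computed for; a portable signature is not bound
    that way. security.ima must be present so metadata stays bound to data."""
    evm = xattrs.get("security.evm")
    if not evm:
        return False, "no security.evm value"
    if "security.ima" not in xattrs:
        return False, "security.evm without security.ima"
    kind = evm[0]
    if kind == EVM_XATTR_HMAC:
        return False, "HMAC binds inode fields; cannot be copied"
    if kind == EVM_IMA_XATTR_DIGSIG:
        return False, "original signature binds inode fields; cannot be copied"
    if kind == EVM_XATTR_PORTABLE_DIGSIG:
        return True, "portable and immutable signature"
    return False, "unrecognised type byte 0x%02x" % kind


# Constructed sample in the style of /etc/xattr.conf.
SAMPLE_XATTR_CONF = """\
security.evm    skip          # never copy: HMAC/signature is inode-bound
security.ima    permissions   # constructed sample entry
user.*          permissions
"""
```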