Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp108290pxa; Tue, 4 Aug 2020 18:05:26 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxV8vrCiVeARNpUBsbPTTDhGTTXeOxOvv9f84J3jgm5gP59cRKM3KrP2LA7jJ9bEqnY70Px X-Received: by 2002:a05:6402:1d25:: with SMTP id dh5mr548970edb.266.1596589526192; Tue, 04 Aug 2020 18:05:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1596589526; cv=none; d=google.com; s=arc-20160816; b=d7t+l6GCo4bI2WSYNGGa5AFbmJuy5hPnzhML4bI34d4Xh8Dlp71VZfWUjPpkO/hoOV CcYUJ6Q62Iid0Ay6NGEpxmndDKHE4Qkn6m7YBswzj4XAlDddjMk0pAv3IRqM3H/Dmt9s BM5Aw82l5CSIX+97s/bipiAaFe7yWsUqlXVOUBywzklsz/kvpcx6QQEbPtLnj2fPIP5N i7RLQvN8NTgSA7cPPe9tXOIlsoWxB1Ox0imdnRxJAnmzDYcMabVYlpd4B4qolDLpPp5+ UysVBgV3phFMrL2iEGcit6C2e128wT+ThAEabMcWDJ9HZDBz4UlDS31mcsXKT6EqF+aX ajEg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature; bh=15yyDM3bVAWECgKz7oLx+I/ZvqZiZU4J8rThZ2JKCCs=; b=DUIAIBrT5Do81qtnDqtpyqVGVYrqgSQivhmafl0b2bdxuwpQrEFlTGTbpPihEN35C1 OifNzv8BWiU1k9dXfT3dw8+gel7ONyNFqR5uTFBD7BkeRqcLqRq3UVZxD2Bpt6UD74oT wmHhLlcm/SGioStiPHnpUsW0TMjqLvIO0XjzwXUgu8c3S9eoLnyv8KmP6+QTvtQl8mhX EUZwhDtlmCdl7Qn5xXzpk51fJjLSp1f9WozvZyBwdyxVXsxrM4SkPjhpuXsf7yWWADLS bQHsa8WbVLbM3BA8tHze8l+WN1ZpNVtEMuym2ngJIB4LMA9ncXXILmcqSi5Gn5tyQ55O LyCQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@yahoo.com header.s=s2048 header.b=r4WFgesd; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f17si285826ejb.624.2020.08.04.18.04.57; Tue, 04 Aug 2020 18:05:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@yahoo.com header.s=s2048 header.b=r4WFgesd; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726915AbgHEBEh (ORCPT + 99 others); Tue, 4 Aug 2020 21:04:37 -0400 Received: from sonic314-27.consmr.mail.ne1.yahoo.com ([66.163.189.153]:38061 "EHLO sonic314-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726831AbgHEBEh (ORCPT ); Tue, 4 Aug 2020 21:04:37 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1596589475; bh=15yyDM3bVAWECgKz7oLx+I/ZvqZiZU4J8rThZ2JKCCs=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From:Subject; b=r4WFgesdP5gl/Rbe38EMe5736cYNZXnOEf02AIMJOAl6q56puEMVvpxd+h20+KNNeoBRoCoMYqqrPH1TnC4d0rP8120dKGC4QTIsS0xZQZzNhT4MDHIggo9jgrYBAs3P5ghMFOABP4pCvi4xXNkSIlBENgzYfmY108RW+w0zdGfOF6x7X8g/P7vrm5lrnlROhJkxy0Ap/WJb6ERsMCAEckgECWe7qEcN9tiDxhXTvBv6ujS92jDj+VA1VVN28xO/tMrW4aQw6GR08HYzS8L0cwpu5FRj1HykZ05PUf2pcEFrWL8OHZu5cTrLjUIlI9ppsuTCxykYwadV4fPPEU47Hw== X-YMail-OSG: zA7gwXAVM1k8jezbi.SsnhgWqQcQ0L8EljVIEVzgzTKlnyxWgJXTMD88rtoAkyN hxX8K2pKGVFRl6x06onco_or1m.dIJExyO6Rs0eS3R7E8bam9GSJGebEoOovc1JmYk_oMmSRYboi 0Oo.kpgsTEcyGWaOAvVeIoLNQwhMzlwHS6oCjQ7sGb80Z1yjgQww_AL0kOZBDfzQidpj_vbtlWLh pz4zeGPL8T0PK.CTMca4K9okeZoltMiZYkTvRAot3oCo5LZVikYJ7ImMfg9hvjJZ689Bj_6AulBc KEI2GbQQXkcAXIdhaoGJBVEbUEYfe.E5NMTzbpsOoRMZp8CqKMAj44kTDzpvu4ydniD0XcXvpK07 lhV3328lNCpwwbzW1fcktjIJeUKs8QIvfn3B3vjS1pWa18lDdSyXBwfP_UOTjCxYdTeaPJ00s6Dq qO17JRo5elAYuWpvxwCnWzOKrRNk7of_hHpbekTTx71EG9vz3fdHgPWWfMAOojtbEdAK2wiHDLRw p0_dAbqR5_VfTQpvKrJ5kut5nHQ.J_5FZ9ZeAjRvUs2hAoGS36NU87miFlnHbrq3ryjwoK3TUixu or806SAR95qOP3HsH38iTJeKEhoEx7rsLmi2Ek8_BB1Ul4Tz4KyKXq7QKOMLjChH8j3VjgfGgWoe JJlTuXO0N3jziK73PZGqb7duirK64CQBfGtPoikLMRyF47ki7iFenv7gkUdutabp0guUq7kppcFj zahHSeqUaIO3YEWaDbhJYnG8.QlVtqg1NBYxWMZJTvfUZEB93M8GoHmZxep1e0e6ghfBMv26k3Gn jAr8gtL3aoyVYrzoc01W1oazWGOH_OHn4cntu3_NQjrdFacHcPaWVSCigFtvFVGPDnIOHCsPaNyS tKaORpP4c3a9JzEwOXmKq31ugsW5Rk4Wr_AWcl5lJXxZ5GCAtjsfaC6ATJoev.Y8PwyqUZ7wm8l1 0L.pCU1aL36c51pbuskKO3F6ejHn_Gln9.PI_M2m9wYK_iV8XF3srPIeTgAzXiEjpExmBU9zJzXw 8BxYSgsqIT9DTYaJHGUOEp.AQHIkyP3oc29KnwUTQLkYrElTtgD2YPPwq9LcL2aB0Uu9gj4a8kly Cdzs3eXmXI4x0lcPm_j1r0H7Mr40BD8uy7TzCZoLdXpqlQoLnIbGY4RWgKncOa9urFrD8xfoa6T8 COcX32qRUDMtXdcTHAqcunJ825yiwe77Zd9NhekhZFoNfTyvd8Gl1RTghPaSeZVZ7JDmsbe6R5Rd OIruT99L5t3xpIXim1cfm9p7snp9p79vmh.0cDDEVhgD9323lSa_ZMwTsdG1mbcnSf7KUgjwaIoI Bx9K8ag1ybsFnaPtGA217CyJByrwirXFmU5_k8eyDNGb2D_LV4_h25wYw8SsejBKD Received: from sonic.gate.mail.ne1.yahoo.com by sonic314.consmr.mail.ne1.yahoo.com with HTTP; Wed, 5 Aug 2020 01:04:35 +0000 Received: by smtp428.mail.gq1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 7f4333369d465d186f6d9a97b53e0a06; Wed, 05 Aug 2020 01:04:31 +0000 (UTC) Subject: Re: [PATCH v6 0/4] LSM: Measure security module data To: Lakshmi Ramasubramanian , zohar@linux.ibm.com, stephen.smalley.work@gmail.com Cc: tyhicks@linux.microsoft.com, sashal@kernel.org, jmorris@namei.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, Casey Schaufler References: <20200805004331.20652-1-nramas@linux.microsoft.com> From: Casey Schaufler Message-ID: Date: Tue, 4 Aug 2020 18:04:30 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.11.0 MIME-Version: 1.0 In-Reply-To: <20200805004331.20652-1-nramas@linux.microsoft.com> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Content-Language: en-US X-Mailer: WebService/1.1.16436 mail.backend.jedi.jws.acl:role.jedi.acl.token.atz.jws.hermes.yahoo Apache-HttpAsyncClient/4.1.4 (Java/11.0.7) Content-Length: 1355 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 8/4/2020 5:43 PM, Lakshmi Ramasubramanian wrote: > Critical data structures of security modules are currently not measured. > Therefore an attestation service, for instance, would not be able to > attest whether the security modules are always operating with the policies > and configuration that the system administrator had setup. The policies > and configuration for the security modules could be tampered with by > malware by exploiting kernel vulnerabilities or modified through some > inadvertent actions on the system. Measuring such critical data would > enable an attestation service to better assess the state of the system. I still wonder why you're calling this an LSM change/feature when all the change is in IMA and SELinux. You're not putting anything into the LSM infrastructure, not are you using the LSM infrastructure to achieve your ends. Sure, you *could* support other security modules using this scheme, but you have a configuration dependency on SELinux, so that's at best going to be messy. If you want this to be an LSM "feature" you need to use the LSM hooking mechanism. I'm not objecting to the feature. It adds value. But as you've implemented it it is either an IMA extension to SELinux, or an SELiux extension to IMA. Could AppArmor add hooks for this without changing the IMA code? It doesn't look like it to me.