Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp3388641pxb; Mon, 16 Nov 2020 13:18:39 -0800 (PST) X-Google-Smtp-Source: ABdhPJwVbpSw6T60GoBOfSN9qmuboK8gdUqZUKcK6xoP3t1UuF7uS1tIcs1YeKTtejnTG5UAf0Wj X-Received: by 2002:a17:906:2818:: with SMTP id r24mr17156687ejc.100.1605561519226; Mon, 16 Nov 2020 13:18:39 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1605561519; cv=none; d=google.com; s=arc-20160816; b=0P/SDQh2ZBSJuac8PfHSM49oTldNBVtsz59wjZ1+wAcNsHKb7JnO+AbO5CjKZ+SzQZ TRFeItHvhXkt61XkNjZZ/DW8o6GOxynbtAaO7aGlGFolMbRwaIhaEgQcyYA9Ub6ohhJO jtnOqXdIMs+dFDNA0+4XdEBaYwVDyeJLTCDc1oBZ9DofZcFHCuBE/hO+onBY+vb5XefR vpeex2mStJSO1Z+420x78ENYKo3pr+cI4ezreigA8iNyeqlqhPrU+L2xn6Aw6yp+fx3Y LHuq5HEM4Bf1Xi8p6RfvyBcYw1YE7tv5mpoK6w8q5kZ+WRJmsft5rijmxr1R8l5XoaR1 pkqg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:date:cc:to:from:subject:message-id :dkim-signature; bh=08+LUJn+1NqpvGMznVW9wbSkVMuYy1K575hvfKSkChg=; b=yNv4XdXPHF+DdTkH2JZnM3Iv7QNufofR6y1DfpRCH5XVYXMnpDHbTjU1TkRRMwLNoh 8G9sBqjhRfuYERSLbUvrKkVt+qXCy+6YSw4FX1UOGr3cXVYqNDPCdt0N7xHBRPCCZUx4 5ZXuENihZm6HwCzjWS5mfUY02oCE7CCx/aPeFajC9WXDoP2bgFXLzM2ocgEAv2+gy7s2 zpd+xTzRMIfGaOOivConofBdFVTPRUfKtgRTINzxcCecX8kVWI/gJsEZSGpBMXrjJzrv FrU+qx3uTpw6qhhafl2ropXC0TTZWn2sOfseX4+BrbzlwO18TUndOWb4xRDdVFHQ96K1 QNMQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=VpsyuqgW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id bi24si13673941edb.452.2020.11.16.13.18.16; Mon, 16 Nov 2020 13:18:39 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=VpsyuqgW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728330AbgKPStM (ORCPT + 99 others); Mon, 16 Nov 2020 13:49:12 -0500 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:23494 "EHLO mx0b-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726204AbgKPStM (ORCPT ); Mon, 16 Nov 2020 13:49:12 -0500 Received: from pps.filterd (m0127361.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 0AGIXWA2001681; Mon, 16 Nov 2020 13:49:11 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=message-id : subject : from : to : cc : date : in-reply-to : references : content-type : mime-version : content-transfer-encoding; s=pp1; bh=08+LUJn+1NqpvGMznVW9wbSkVMuYy1K575hvfKSkChg=; b=VpsyuqgWW8gD/mVv9JaSiWSU7W4w+gN8tbS9YzMM2e7GzC/JWmdQah6uVvGcjCeezlF0 /FIZEaTxTgc9HlbtlDtETzx1JpXxAJr2KYZWm06EEg6KwnTyCwJGTZ926zjrajAp7r1n In2IvOtscJ1WcWSM6RthmSwEKEjMRL81B5/EBkp9S9jk2LIqlmdiPl1w8MwCD2mXuyp0 IMbCBP3K8YzGxOojUAiPWWehT4mjWci5Gg3EvKqhSgECnUWWCgoRPEmVUWab6q1FYgNN otgZZXyopj496oSpXZ5GUC766w5YcgtW+BsRQ9jsWMJckfMIwzhSq9L6ftGxkkITjsFy IQ== Received: from ppma03ams.nl.ibm.com (62.31.33a9.ip4.static.sl-reverse.com [169.51.49.98]) by mx0a-001b2d01.pphosted.com with ESMTP id 34ux64hag2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 16 Nov 2020 13:49:10 -0500 Received: from pps.filterd (ppma03ams.nl.ibm.com [127.0.0.1]) by ppma03ams.nl.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 0AGIgoLD019199; Mon, 16 Nov 2020 18:49:09 GMT Received: from b06cxnps4076.portsmouth.uk.ibm.com (d06relay13.portsmouth.uk.ibm.com [9.149.109.198]) by ppma03ams.nl.ibm.com with ESMTP id 34t6v8acc2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 16 Nov 2020 18:49:09 +0000 Received: from d06av21.portsmouth.uk.ibm.com (d06av21.portsmouth.uk.ibm.com [9.149.105.232]) by b06cxnps4076.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 0AGIn7rE2556434 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 16 Nov 2020 18:49:07 GMT Received: from d06av21.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E7D035204F; Mon, 16 Nov 2020 18:49:06 +0000 (GMT) Received: from sig-9-65-243-37.ibm.com (unknown [9.65.243.37]) by d06av21.portsmouth.uk.ibm.com (Postfix) with ESMTP id 85CBD5204E; Mon, 16 Nov 2020 18:49:04 +0000 (GMT) Message-ID: <7fa1b79e42832bd033fdf18cde8293078637262f.camel@linux.ibm.com> Subject: Re: [RESEND][PATCH] ima: Set and clear FMODE_CAN_READ in ima_calc_file_hash() From: Mimi Zohar To: Al Viro , Linus Torvalds Cc: Christoph Hellwig , Roberto Sassu , "linux-integrity@vger.kernel.org" , "linux-security-module@vger.kernel.org" , "linux-kernel@vger.kernel.org" , Silviu Vlasceanu , "stable@vger.kernel.org" , "linux-fsdevel@vger.kernel.org" Date: Mon, 16 Nov 2020 13:49:03 -0500 In-Reply-To: <20201116180855.GX3576660@ZenIV.linux.org.uk> References: <20201113080132.16591-1-roberto.sassu@huawei.com> <20201114111057.GA16415@infradead.org> <0fd0fb3360194d909ba48f13220f9302@huawei.com> <20201116162202.GA15010@infradead.org> <20201116180855.GX3576660@ZenIV.linux.org.uk> Content-Type: text/plain; charset="ISO-8859-15" X-Mailer: Evolution 3.28.5 (3.28.5-12.el8) Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.312,18.0.737 definitions=2020-11-16_09:2020-11-13,2020-11-16 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 suspectscore=3 mlxscore=0 priorityscore=1501 phishscore=0 spamscore=0 malwarescore=0 mlxlogscore=999 impostorscore=0 clxscore=1015 bulkscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2011160109 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 2020-11-16 at 18:08 +0000, Al Viro wrote: > On Mon, Nov 16, 2020 at 09:37:32AM -0800, Linus Torvalds wrote: > > On Mon, Nov 16, 2020 at 8:47 AM Mimi Zohar wrote: > > > > > > This discussion seems to be going down the path of requiring an IMA > > > filesystem hook for reading the file, again. That solution was > > > rejected, not by me. What is new this time? > > > > You can't read a non-read-opened file. Not even IMA can. > > > > So don't do that then. > > > > IMA is doing something wrong. Why would you ever read a file that can't be read? > > > > Fix whatever "open" function instead of trying to work around the fact > > that you opened it wrong. > > IMA pulls that crap on _every_ open(2), including O_WRONLY. As far as I'm > concerned, the only sane answer is not enabling that thing on your builds; > they are deeply special and I hadn't been able to reason with them no > matter how much I tried ;-/ The builtin IMA policies are only meant to be used until a custom can be loaded. The decision as to what should be measured or verified is left up to the system owner. In terms of the architecture specific policy rules, there are rules to: - measure the kexec kernel image and kernel modules - verify the kexec kernel image and kernel modules appended signatures These rules should be pretty straight forward to verify. Mimi