Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756995Ab0FDA6A (ORCPT ); Thu, 3 Jun 2010 20:58:00 -0400 Received: from tundra.namei.org ([65.99.196.166]:41199 "EHLO tundra.namei.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756683Ab0FDA56 (ORCPT ); Thu, 3 Jun 2010 20:57:58 -0400 Date: Fri, 4 Jun 2010 10:57:51 +1000 (EST) From: James Morris To: Mimi Zohar cc: Shaz , linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, David Safford , Dave Hansen , Arjan van de Ven , securityengineeringresearchgroup Subject: Re: [PATCH 00/14] EVM In-Reply-To: <1275420536.28134.37.camel@localhost.localdomain> Message-ID: References: <1271886594-3719-1-git-send-email-zohar@linux.vnet.ibm.com> <1275420536.28134.37.camel@localhost.localdomain> User-Agent: Alpine 2.00 (LRH 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 766 Lines: 22 On Tue, 1 Jun 2010, Mimi Zohar wrote: > SELinux, Smack, Capabilities, and IMA all use extended attributes. The > purpose of EVM is to detect offline tampering of these security extended > attributes. One issue mentioned to me off-list is that if EVM is only protecting against offline attacks, why not just encrypt the entire volume ? This would provide confidentiality and integrity protection for all data and metadata, rather than just integrity for xattr metadata. - James -- James Morris -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/