
List:       linux-integrity
Subject:    Re: Usage of inode number in EVM signatures
From:       Matthew Garrett <mjg59 () google ! com>
Date:       2017-10-30 10:29:19
Message-ID: CACdnJuuSuEsoRmbsPmMYXSGjQS=+cuOcCyZDRgU=7CJkXONGYg () mail ! gmail ! com

On Fri, Oct 27, 2017 at 4:08 PM, Peter P. <p.pan48711@xxxxxxxxx> wrote:
> Hi,
>
> I would like to better understand how the inclusion of the inode
> number and the other return values from stat add to the protection of
> the xattrs when security.evm contains a digital signature.
>
> If any of the security xattrs are tampered with, then I would expect
> EVM signature verification will fail. What added protections does one
> gain by including file information?

There's no real security advantage as long as IMA is in use. However,
EVM can be used without IMA, and in that case you'd end up with
signatures that could be moved between files. See the discussion of
the portable signature format going on at the moment.
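As an added illustration (not part of the thread, and a simplified model rather than the kernel's actual encoding of its h_misc structure): a Python sketch of why folding the inode number and generation into the EVM value matters when IMA is not there to tie the content hash to the file. The key, inode values and xattr contents are constructed for the example.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, field

# Constructed per-system key; the real EVM key lives in the kernel keyring.
EVM_KEY = b"constructed-evm-key-for-demo-only"


@dataclass
class Inode:
    """Stand-in for the stat() fields EVM mixes into the HMAC, plus xattrs."""
    ino: int
    generation: int
    uid: int
    gid: int
    mode: int
    xattrs: dict = field(default_factory=dict)  # protected security.* xattrs
    evm: bytes = b""                            # value of security.evm


def evm_digest(inode, bind_to_inode):
    """HMAC over the protected xattrs, then inode metadata. The byte layout
    below is an assumption for illustration, not the kernel's struct."""
    h = hmac.new(EVM_KEY, digestmod=hashlib.sha256)
    for name in sorted(inode.xattrs):           # security.ima, security.selinux, ...
        h.update(name.encode() + b"\0" + inode.xattrs[name])
    if bind_to_inode:                           # what the portable format omits
        h.update(struct.pack("<QI", inode.ino, inode.generation))
    h.update(struct.pack("<III", inode.uid, inode.gid, inode.mode))
    return h.digest()


def verify(inode, bind_to_inode):
    return bool(inode.evm) and hmac.compare_digest(inode.evm, evm_digest(inode, bind_to_inode))


def copy_xattrs(src, dst):
    """All xattrs, security.evm included, copied to another inode
    (what cp --preserve=xattr or setfattr --restore would do)."""
    dst.xattrs, dst.evm = dict(src.xattrs), src.evm


def demo():
    """Compare a portable (xattr-only) value with one bound to the inode."""
    results = {}
    for label, bound in (("portable", False), ("bound", True)):
        a = Inode(1234, 7, 0, 0, 0o100644, {"security.ima": b"\x04" + b"\x11" * 32,
                                           "security.selinux": b"system_u:object_r:bin_t:s0\0"})
        b = Inode(5678, 1, 0, 0, 0o100644)      # different file, same owner/mode
        a.evm = evm_digest(a, bound)            # "sign" a
        copy_xattrs(a, b)                       # move the xattr set to b
        results[label + "_original"] = verify(a, bound)
        results[label + "_moved"] = verify(b, bound)
        a.xattrs["security.selinux"] = b"system_u:object_r:shell_exec_t:s0\0"
        results[label + "_tampered"] = verify(a, bound)
    return results
```

Tampering with a protected xattr fails either way; only the inode-bound value also rejects the copied xattr set on the second file.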
