Hi!
> > Actually, you "could" also cat /proc files, then verify the signature
> > by hand (using pen and paper :-).
>
> Theoretically, yes. The signature is 2048bit and to validate the signed
> aggregate requires recursively applying SHA1 over all measurements.
:-)
> > It seems to me that the mechanism is sound... it does what the docs
> > says. Another questions is "is it usefull"?
> We implemented some exemplary IMA-applications. If you like, visit our
> project page and check out the references:
> http://www.research.ibm.com/secure_systems_department/projects/tcglinux/
> There you also find a complete measurement list and a response of a measured
> system replying to an authorized remote measurement-list-request.
To make this usefull, you need to:
* have TPM chip
* modify all the interpreters
* modify all the programs that security-relevant config files. I.e. if
there's /etc/keylogger.conf with default
# No keyboard logging enabled
and attacker changes it to
do_log_keys_to_remote evil.com
... you need that config file to be hashed.
* remove all the buffer overflows. I.e. if grub contains buffer
overflow in parsing menu.conf... that is not a security hole
(as of now) because only administrator can modify menu.conf.
With IMA enabled, it would make your certification useless...
[probably something more].
...seems to me you need to do quite a lot of work to make this
usefull...
[And now, remote-buffer-overrun in inetd probably breaks your
attestation, no? I'll just load my evil code over the network, without
changing any on-disk executables, then install my evil rootkit into
kernel by writing into /dev/kmem. How do you prevent that one?]
Pavel
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]