Hi!
> > >
> > > If I understand you, then you are claiming that steps (ii) to (v)
> > > introduce buffer overflows in bash or show_etc_issue. How?
> >
> > No, I'm not claiming that. You are certainly *not* introducing any new
> > problems.
> >
> > But some problems that used to be harmless (buffer overrun in
> > show_etc_issue command) are not harmless any more.
>
> How is a buffer overrun in a script/application less "harmless" with IMA?
> Please be specific. Preliminary IMA patches are out on the mailing lists.
>
> The only thing that IMA does with respect to existing known buffer
> overruns is that it enables remote parties to know that there is an application
> with a known buffer overrun if this application/script was measured. Such
> information is sensitive and this is one reason why direct access to the
> measurements are restricted to authorized/trusted parties.
Well, you'll have to add measurement of any security-sensitive config
file, any script, and will have to make sure that all parsing of
system config files does not contain buffer-overrun problems. That's
lot of work before IMA is usefull. It is true you do not make
situation any worse.
Good luck and go ahead.
Pavel
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]