Re: [PATCH 00/14] EVM

From: Shaz
Date: Fri Jun 04 2010 - 02:57:07 EST


On Fri, Jun 4, 2010 at 5:57 AM, James Morris <jmorris@xxxxxxxxx> wrote:
> On Tue, 1 Jun 2010, Mimi Zohar wrote:
>
>> SELinux, Smack, Capabilities, and IMA all use extended attributes. The
>> purpose of EVM is to detect offline tampering of these security extended
>> attributes.
>
> One issue mentioned to me off-list is that if EVM is only protecting
> against offline attacks, why not just encrypt the entire volume?

Are you sure that EVM protects against offline attacks only?

Why and why not encrypt the whole volume?

> This would provide confidentiality and integrity protection for all data
> and metadata, rather than just integrity for xattr metadata.


--
Shaz