Re: [PATCH 2/3] binfmt_elf: Verify signature of signed elf binary

[Eric W. Biederman]

Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> writes:

> Please remind me why you can't use IMA-appraisal, which was upstreamed
> in Linux 3.7?  Why another method is needed?

Good question Vivek?  

I remeber there was a slight mismatch in the desired attributes.  In
particular we want signatures that are not generated on the local
machine.

> With IMA-appraisal, there are a couple of issues that would still need
> to be addressed:
> - missing the ability to specify the validation method required.
> - modify the ima_appraise_tcb policy policy to require elf executables
> to be digitally signed.
> - security_bprm_check() is called before the binary handler is known.
>
> The first issue is addressed by a set of patches queued to be upstreamed
> in linux-integrity/next-ima-appraise-status.
>
> To address the last issue would either require moving the existing
> bprm_check or defining a new hook after the binary handler is known.

Even if there is a small mismatch it certainly sounds like something to
investigate.  There are a lot of pieces flying around with IMA so an
appropriate model of what needs to happen isn't in my head.  As opposed
to a signature in an ELF executable and a key in the kernel.

Hooks aside in an IMA world where does the signing key live?  Where does
the signature live?

Eric

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/