Menu
▾
▴
linux-ima-user — Q&A for users of IMA
This list is closed, nobody may subscribe to it.
| 2007 |
Jan
|
Feb
(10) |
Mar
(26) |
Apr
(8) |
May
(3) |
Jun
|
Jul
(26) |
Aug
(10) |
Sep
|
Oct
|
Nov
(2) |
Dec
(4) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2008 |
Jan
|
Feb
(13) |
Mar
(4) |
Apr
(3) |
May
(5) |
Jun
|
Jul
(7) |
Aug
(8) |
Sep
(5) |
Oct
(16) |
Nov
|
Dec
(6) |
| 2009 |
Jan
(2) |
Feb
|
Mar
(3) |
Apr
|
May
|
Jun
(19) |
Jul
(4) |
Aug
|
Sep
(13) |
Oct
(10) |
Nov
(12) |
Dec
(2) |
| 2010 |
Jan
|
Feb
(2) |
Mar
(17) |
Apr
(28) |
May
|
Jun
(17) |
Jul
(11) |
Aug
(12) |
Sep
(2) |
Oct
|
Nov
|
Dec
(1) |
| 2011 |
Jan
|
Feb
|
Mar
(20) |
Apr
(10) |
May
(1) |
Jun
|
Jul
|
Aug
(15) |
Sep
(14) |
Oct
(2) |
Nov
|
Dec
|
| 2012 |
Jan
(1) |
Feb
(53) |
Mar
(15) |
Apr
(4) |
May
(2) |
Jun
(13) |
Jul
|
Aug
|
Sep
(12) |
Oct
|
Nov
|
Dec
(6) |
| 2013 |
Jan
(7) |
Feb
(8) |
Mar
(4) |
Apr
(5) |
May
|
Jun
|
Jul
|
Aug
(5) |
Sep
(6) |
Oct
|
Nov
(5) |
Dec
(8) |
| 2014 |
Jan
(17) |
Feb
(24) |
Mar
(8) |
Apr
(7) |
May
(18) |
Jun
(15) |
Jul
(5) |
Aug
(2) |
Sep
(49) |
Oct
(28) |
Nov
(7) |
Dec
(30) |
| 2015 |
Jan
(40) |
Feb
|
Mar
(9) |
Apr
(2) |
May
(9) |
Jun
(31) |
Jul
(33) |
Aug
(5) |
Sep
(20) |
Oct
|
Nov
(3) |
Dec
(12) |
| 2016 |
Jan
(14) |
Feb
(29) |
Mar
(10) |
Apr
(4) |
May
(4) |
Jun
|
Jul
(5) |
Aug
(19) |
Sep
(21) |
Oct
(2) |
Nov
(36) |
Dec
(30) |
| 2017 |
Jan
(101) |
Feb
(12) |
Mar
(7) |
Apr
(2) |
May
(29) |
Jun
(22) |
Jul
(7) |
Aug
(93) |
Sep
(27) |
Oct
(39) |
Nov
|
Dec
|
|
From: rinberg\@libero\.it <ri...@li...> - 2007-08-31 07:39:17
|
> you forgot to specify the "&" in front of "mr" in your measure request=
.
>
> The 'write' takes a POINTER.
>
> Please try again changing
>
> write(fd_mreq, mr, sizeof(struct measure_request))
>
> to
> write(fd_mreq, &mr, sizeof(struct measure_request))
>
>
> Greetings
> Reiner
Thank you really for your quick answer, it saved me from a lot of worry a=
s the deadline of the project is coming...
This **solved my issue** :) btw I had those code lines from the:
/usr/src/linux/Documentation/ima/INSTALL
-----------------------------------------------------------------
if (write(fd_mreq, mr, sizeof(struct measure_request)) -- (A)
<error measuring>; |
/* now use the file -- see NOTE below */ |- protec=
ted
... | sectio=
n (see Note)
/* then close the file */ |
close(fd_config) -- (B)
-----------------------------------------------------------------
So this is a sort of "bug report" within the documentation, nothing serio=
us but I trusted them and didn't check the write.
Take care and thanks again,
Rinaldo Bergamini
|
|
From: Reiner S. <sa...@us...> - 2007-08-30 17:26:58
|
you forgot to specify the "&" in front of "mr" in your measure request. The 'write' takes a POINTER. Please try again changing write(fd_mreq, mr, sizeof(struct measure_request)) to write(fd_mreq, &mr, sizeof(struct measure_request)) Greetings Reiner __________________________________________________________ Reiner Sailer, Research Staff Member, Secure Systems Department IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532 Phone: 914 784 6280 (t/l 863) Fax: 914 784 6205, sa...@us... http://www.research.ibm.com/people/s/sailer/ From: "ri...@li..." <ri...@li...> To: "linux-ima-user" <lin...@li...> Date: 08/30/2007 01:18 PM Subject: [Linux-ima-user] manual measure error Hi. Thanks for the detailed answer of my previous email. I'm trying to manually measure a configuration file with this code: #include <stdio.h> #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> #include <string.h> struct measure_request { int fd; u_int16_t label; }; int fd_mreq, fd_config; struct measure_request mr; int main (int argc, char **argv) { fd_mreq = open("/sys/kernel/security/ima/measurereq", O_WRONLY); fd_config = open(argv[1], O_RDONLY); if (fd_mreq <= 0) printf("non apro mreq"); if (fd_config <= 0) printf("non apro il file da misurare"); mr.fd = fd_config; /* file descriptor of the file that shall be measured */ mr.label=3134; /* any label/tag; it only appears in the measurement entry */ if (write(fd_mreq, mr, sizeof(struct measure_request))) printf("ERROR\n"); close(fd_config); close(fd_mreq); return 0; } It still prints ERROR so no write to the /sys/kernel/security/ima/measurereq that is still loaded with: sudo mount -t securityfs none /sys/kernel/security && sudo chmod +r /sys/kernel/security/ima/* Any help would be appreciated. Thak you. Best Regards, Rinaldo Bergamini ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Linux-ima-user mailing list Lin...@li... https://lists.sourceforge.net/lists/listinfo/linux-ima-user |
|
From: rinberg\@libero\.it <ri...@li...> - 2007-08-30 17:18:13
|
Hi. Thanks for the detailed answer of my previous email.
I'm trying to manually measure a configuration file with this code:
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <string.h>
struct measure_request {
int fd;
u_int16_t label;
};
int fd_mreq, fd_config;
struct measure_request mr;
int main (int argc, char **argv)
{
fd_mreq =3D open("/sys/kernel/security/ima/measurereq", O_WRONLY);
fd_config =3D open(argv[1], O_RDONLY);
if (fd_mreq <=3D 0) printf("non apro mreq");
if (fd_config <=3D 0) printf("non apro il file da misurare");
mr.fd =3D fd_config; /* file descriptor of the file that shall be measu=
red */
mr.label=3D3134; /* any label/tag; it only appears in the measurement e=
ntry */
if (write(fd_mreq, mr, sizeof(struct measure_request)))
printf("ERROR\n");
close(fd_config);
close(fd_mreq);
return 0;
}
It still prints ERROR so no write to the /sys/kernel/security/ima/measure=
req that is still loaded with:
sudo mount -t securityfs none /sys/kernel/security && sudo chmod +r /sys/=
kernel/security/ima/*
Any help would be appreciated.
Thak you. Best Regards,
Rinaldo Bergamini
|
|
From: Reiner S. <sa...@us...> - 2007-08-20 16:59:28
|
Hi Till,
currently the sysfs interface for /sys/kernel/security/ima/measurereq does
not return the measured value.
You could simply call 'sha1sum' on linux systems to get the sha1 of the
file if you need the hash value, which should be identical to the
measurement. This might be easier than scanning the measurement list.
Would this work in your case?
Reiner
"Till Bentz" <ti...@on...>
Sent by: til...@go...
08/20/2007 09:49 AM
Please respond to
ti...@on...
To
Reiner Sailer/Watson/IBM@IBMUS
cc
lin...@li...
Subject
Re: [Linux-ima-user] measurement request
Hi Reiner,
On 8/20/07, Reiner Sailer <sa...@us...> wrote:
Hi Till,
two quick questions to clarify:
i) are you talking about a user-space measurement request ?
Yes. (Via writing to /ima/measurereq)
ii) what do you mean with 'result' of the measurement request (sha1 of the
measured file, the new PCR, or ...) ?
I'd like to get the sha1 of the measured file.
Greetings
Reiner
"Till Bentz" <ti...@on...>
Sent by: lin...@li...
08/20/2007 09:27 AM
Please respond to
ti...@on...
To
lin...@li...
cc
Subject
[Linux-ima-user] measurement request
Hello,
I was wondering if there is a possibility that I issue a measurement
request and get the result of that request as a return value, so I can
work with it without parsing the measurement list beforehand.
Thanks.
--
MfG
Till
**********************************************
Der Benutzer ist eine nicht zu
tolerierende Quelle der Unsicherheit
**********************************************
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>
http://get.splunk.com/_______________________________________________
Linux-ima-user mailing list
Lin...@li...
https://lists.sourceforge.net/lists/listinfo/linux-ima-user
--
MfG
Till
**********************************************
Der Benutzer ist eine nicht zu
tolerierende Quelle der Unsicherheit
**********************************************
|
|
From: Till B. <ti...@on...> - 2007-08-20 13:49:51
|
Hi Reiner, On 8/20/07, Reiner Sailer <sa...@us...> wrote: > > > Hi Till, > > two quick questions to clarify: > > i) are you talking about a user-space measurement request ? Yes. (Via writing to /ima/measurereq) ii) what do you mean with 'result' of the measurement request (sha1 of the > measured file, the new PCR, or ...) ? I'd like to get the sha1 of the measured file. Greetings > Reiner > > > > *"Till Bentz" <ti...@on...>* > Sent by: lin...@li... > > 08/20/2007 09:27 AM Please respond to > ti...@on... > > To > lin...@li... cc > > Subject > [Linux-ima-user] measurement request > > > > > > > Hello, > > I was wondering if there is a possibility that I issue a measurement > request and get the result of that request as a return value, so I can work > with it without parsing the measurement list beforehand. > > Thanks. > > -- > MfG > Till > > ********************************************** > Der Benutzer ist eine nicht zu > tolerierende Quelle der Unsicherheit > ********************************************** > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> > http://get.splunk.com/_______________________________________________ > Linux-ima-user mailing list > Lin...@li... > https://lists.sourceforge.net/lists/listinfo/linux-ima-user > > -- MfG Till ********************************************** Der Benutzer ist eine nicht zu tolerierende Quelle der Unsicherheit ********************************************** |
|
From: Reiner S. <sa...@us...> - 2007-08-20 13:33:30
|
Hi Till,
two quick questions to clarify:
i) are you talking about a user-space measurement request ?
ii) what do you mean with 'result' of the measurement request (sha1 of the
measured file, the new PCR, or ...) ?
Greetings
Reiner
"Till Bentz" <ti...@on...>
Sent by: lin...@li...
08/20/2007 09:27 AM
Please respond to
ti...@on...
To
lin...@li...
cc
Subject
[Linux-ima-user] measurement request
Hello,
I was wondering if there is a possibility that I issue a measurement
request and get the result of that request as a return value, so I can
work with it without parsing the measurement list beforehand.
Thanks.
--
MfG
Till
**********************************************
Der Benutzer ist eine nicht zu
tolerierende Quelle der Unsicherheit
**********************************************
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Linux-ima-user mailing list
Lin...@li...
https://lists.sourceforge.net/lists/listinfo/linux-ima-user
|
|
From: Till B. <ti...@on...> - 2007-08-20 13:27:46
|
Hello,
I was wondering if there is a possibility that I issue a measurement request
and get the result of that request as a return value, so I can work with it
without parsing the measurement list beforehand.
Thanks.
--
MfG
Till
**********************************************
Der Benutzer ist eine nicht zu
tolerierende Quelle der Unsicherheit
**********************************************
|
|
From: Kent Y. <shp...@gm...> - 2007-08-14 15:50:35
|
Hi, I've posted a new wiki page for setting up trousers and IMA at: http://trousers.sourceforge.net/wiki/view/Main/TrousersAndIMA Please direct any feedback to either the trousers or linux-ima user lists. Thanks, Kent -- Kent Yoder IBM LTC Security Dev. |
|
From: rinberg\@libero\.it <ri...@li...> - 2007-08-03 08:35:54
|
This workaround works but there's still one issue, the filesize of the me= asures list is reported as zero by the filesystem... A little OT: Thanks Sailer for the reply of a week ago, I'm trying to imp= lement something similar to the test WS you had at IBM and I'm quite done= . Thank you, Rinaldo Bergamini > Hello Till > > On 7/31/07, Till Bentz <ti...@on...> wrote: > > Hi Saurabh, > > > > If I try to copy that file I get a Permission denied. Did you change = the > > file permissions? If yes how did you keep them changed after reboot? > > > > --- > > $ cp /sys/kernel/security/ima/ascii_runtime_measurements > > /home/tbentz/iml.txt > > cp: cannot open > > `/sys/kernel/security/ima/ascii_runtime_measurements' for > > reading: Permission denied > > --- > > > > My /sys/kernel/security/ima/ascii_runtime_measurements is > > readable only for root:root... > > --- > > $ ll /sys/kernel/security/ima/ > > total 0 > > -r--r----- 1 root root 0 2007-07-30 12:09 ascii_runtime_measurements= > > -r--r----- 1 root root 0 2007-07-30 12:09 binary_runtime_measurement= s > > --- > > you can chmod (444/user read) the files evrytime you mount the filesyst= em. > I do think you will have to chmod after every reboot like you mount > each time. else you can add into init/fstab configs to do that for you > aftr each reboot. > > best > Saurabh > > -----------------------------------------------------------------------= -- > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser.= > Download your FREE copy of Splunk now >> http://get.splunk.com/ > _______________________________________________ > Linux-ima-user mailing list > Lin...@li... > https://lists.sourceforge.net/lists/listinfo/linux-ima-user > =0A=0A=0A------------------------------------------------------=0AScegl= i infostrada: ADSL gratis per tutta l=92estate e telefoni senza canone Te= lecom=0Ahttp://click.libero.it/infostrada=0A |
|
From: Reiner S. <sa...@us...> - 2007-07-31 13:25:10
|
Hi Till, I am making a new patch for 22.1. However, on my system, the old 21.3 patch applies with only a few offsets to 22.1. No mention of 'patch already applied'. It also shows the TCG IMA entry in the configs once I enable SHA1=y and TPM=y (after 'make oldconfig'). Probably try the 22.1 kernel with the current 21.3 patch or wait until I push the new patch up on sourceforge hopefully today/tonight. Reiner __________________________________________________________ Reiner Sailer, Research Staff Member, Secure Systems Department IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532 Phone: 914 784 6280 (t/l 863) Fax: 914 784 6205, sa...@us... http://www.research.ibm.com/people/s/sailer/ "Till Bentz" <ti...@on...> Sent by: til...@go... 07/31/2007 03:29 AM Please respond to ti...@on... To Reiner Sailer/Watson/IBM@IBMUS cc lin...@li... Subject Re: [Linux-ima-user] Problems using IMA Hi Reiner On 7/31/07, Reiner Sailer <sa...@us...> wrote: Hi, let us do some cross-checking for the configuration: - do you see NSA SELinux as an option (under security)? - do you have SHA1 enabled --y-- (in crypto options)? - do you TPM eneabled --y-- (in drivers/char)? I think I can answer all questions with yes. Tonight I can send you a copy of the config, if you are interested. Thanks. Unfortunately, it seems that dependent configs only become visible once the dependencies are resolved. If all the answers above are yes, then it is time for creating a new patch ... Let me know Reiner "Till Bentz" <ti...@on...> Sent by: lin...@li... 07/30/2007 06:00 PM Please respond to ti...@on... To lin...@li... cc Subject [Linux-ima-user] Problems using IMA Hello, I am trying to get IMA running on my T60 laptop. As far as I understood it has a TPM that is working using TPM_Tis. I have kernel 2.6.22 and ibm_ima_8.0_2.6.21.3.patch. If I apply the patch it works fine except the changes in the Makefile which seem to be applied already. My problem is now, that in my config (using make xconfig) is no option to enable IMA as stated in the Readme. Thanks for any help. -- MfG Till ********************************************** Der Benutzer ist eine nicht zu tolerierende Quelle der Unsicherheit ********************************************** ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Linux-ima-user mailing list Lin...@li... https://lists.sourceforge.net/lists/listinfo/linux-ima-user -- MfG Till ********************************************** Der Benutzer ist eine nicht zu tolerierende Quelle der Unsicherheit ********************************************** |
|
From: Reiner S. <sa...@us...> - 2007-07-31 13:19:00
|
Hi Till, The reason these logs are protected are that these logs include the fingerprints of all applications that run on the system. There are two ways this could be abused a) privacy: these fingerprints give away which programs the system runs, which 'could' be related back to the users assuming the 'users' control the system and not some bot... b) security: these fingerprints are valuable to attackers (also to local users) because they help determining potential application vulnerabilities and exploits; the usual race between 'us' knowing where to improve security and 'them' knowing gaining knowledge where security is low So the hope is that priviledged applications are less vulnerable and follow the system policy with regard to whom such measurement lists are exposed. The TSS stack would hopefully in the future implement access controls and policies for this purpose and be the only process accessing the measurements directly. In standard Unix we only have 'user', and 'group' to differentiate processes; so we use 'root'. In labeled systems, such as SELinux or EVM/SLIM, the TSS could get its own domain/label and access to the measurements and TPM interfaces could be restricted to this process only. Helps? Reiner __________________________________________________________ Reiner Sailer, Research Staff Member, Secure Systems Department IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532 Phone: 914 784 6280 (t/l 863) Fax: 914 784 6205, sa...@us... http://www.research.ibm.com/people/s/sailer/ "Till Bentz" <ti...@on...> Sent by: til...@go... 07/31/2007 04:30 AM Please respond to ti...@on... To Reiner Sailer/Watson/IBM@IBMUS cc Subject Re: [Linux-ima-user] Problems using IMA Hello Reiner, I was wondering if there are security reasons why the measurement files are only readable to root. From my understanding it should be easy to make them readable by everyone and at the moment I can't see a problem with that. I think it would make the development of applications much easier... I looked into the patch and it seems that I would only have to add a "S_IROTH" to the creation of the measurement files... Thanks for your help. On 7/31/07, Till Bentz <ti...@on...> wrote: Hi Reiner On 7/31/07, Reiner Sailer < sa...@us...> wrote: Hi, let us do some cross-checking for the configuration: - do you see NSA SELinux as an option (under security)? - do you have SHA1 enabled --y-- (in crypto options)? - do you TPM eneabled --y-- (in drivers/char)? I think I can answer all questions with yes. Tonight I can send you a copy of the config, if you are interested. Thanks. Unfortunately, it seems that dependent configs only become visible once the dependencies are resolved. If all the answers above are yes, then it is time for creating a new patch ... Let me know Reiner "Till Bentz" <ti...@on...> Sent by: lin...@li... 07/30/2007 06:00 PM Please respond to ti...@on... To lin...@li... cc Subject [Linux-ima-user] Problems using IMA Hello, I am trying to get IMA running on my T60 laptop. As far as I understood it has a TPM that is working using TPM_Tis. I have kernel 2.6.22 and ibm_ima_8.0_2.6.21.3.patch. If I apply the patch it works fine except the changes in the Makefile which seem to be applied already. My problem is now, that in my config (using make xconfig) is no option to enable IMA as stated in the Readme. Thanks for any help. -- MfG Till ********************************************** Der Benutzer ist eine nicht zu tolerierende Quelle der Unsicherheit ********************************************** ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Linux-ima-user mailing list Lin...@li... https://lists.sourceforge.net/lists/listinfo/linux-ima-user -- MfG Till ********************************************** Der Benutzer ist eine nicht zu tolerierende Quelle der Unsicherheit ********************************************** -- MfG Till ********************************************** Der Benutzer ist eine nicht zu tolerierende Quelle der Unsicherheit ********************************************** |
|
From: Saurabh A. <tan...@gm...> - 2007-07-31 08:04:40
|
Hello Till On 7/31/07, Till Bentz <ti...@on...> wrote: > Hi Saurabh, > > If I try to copy that file I get a Permission denied. Did you change the > file permissions? If yes how did you keep them changed after reboot? > > --- > $ cp /sys/kernel/security/ima/ascii_runtime_measurements > /home/tbentz/iml.txt > cp: cannot open > `/sys/kernel/security/ima/ascii_runtime_measurements' for > reading: Permission denied > --- > > My /sys/kernel/security/ima/ascii_runtime_measurements is > readable only for root:root... > --- > $ ll /sys/kernel/security/ima/ > total 0 > -r--r----- 1 root root 0 2007-07-30 12:09 ascii_runtime_measurements > -r--r----- 1 root root 0 2007-07-30 12:09 binary_runtime_measurements > --- you can chmod (444/user read) the files evrytime you mount the filesystem. I do think you will have to chmod after every reboot like you mount each time. else you can add into init/fstab configs to do that for you aftr each reboot. best Saurabh |
|
From: Till B. <ti...@on...> - 2007-07-31 07:41:18
|
Hi Saurabh,
If I try to copy that file I get a Permission denied. Did you change the
file permissions? If yes how did you keep them changed after reboot?
---
$ cp /sys/kernel/security/ima/ascii_runtime_measurements
/home/tbentz/iml.txt
cp: cannot open `/sys/kernel/security/ima/ascii_runtime_measurements' for
reading: Permission denied
---
My /sys/kernel/security/ima/ascii_runtime_measurements is readable only for
root:root...
---
$ ll /sys/kernel/security/ima/
total 0
-r--r----- 1 root root 0 2007-07-30 12:09 ascii_runtime_measurements
-r--r----- 1 root root 0 2007-07-30 12:09 binary_runtime_measurements
---
Thanks.
On 7/30/07, Saurabh Arora <tan...@gm...> wrote:
>
> Hello Till
>
> On 7/30/07, Till Bentz <ti...@on...> wrote:
> > Hello Saurabh,
> >
> > thanks for your help. I have one more question :)
> > Do you have to execute your program as root, or is there is possibility
> to
> > avoid this?
> >
>
> you can copy it anywhere, by any name, under any user level, not
> necessarily root. just take care of Linux file permissions.
>
> best
> Saurabh
>
--
MfG
Till
**********************************************
Der Benutzer ist eine nicht zu
tolerierende Quelle der Unsicherheit
**********************************************
|
|
From: Till B. <ti...@on...> - 2007-07-31 07:29:10
|
Hi Reiner On 7/31/07, Reiner Sailer <sa...@us...> wrote: > > Hi, > > let us do some cross-checking for the configuration: > > - do you see NSA SELinux as an option (under security)? > - do you have SHA1 enabled --y-- (in crypto options)? > - do you TPM eneabled --y-- (in drivers/char)? I think I can answer all questions with yes. Tonight I can send you a copy of the config, if you are interested. Thanks. Unfortunately, it seems that dependent configs only become visible once > the dependencies are resolved. > > If all the answers above are yes, then it is time for creating a new patch > ... > Let me know > > Reiner > > > > > "Till Bentz" <ti...@on...> > Sent by: lin...@li... > 07/30/2007 06:00 PM > Please respond to > ti...@on... > > > To > lin...@li... > cc > > Subject > [Linux-ima-user] Problems using IMA > > > > > > > Hello, > > I am trying to get IMA running on my T60 laptop. As far as I understood it > has a TPM that is working using TPM_Tis. > > I have kernel 2.6.22 and ibm_ima_8.0_2.6.21.3.patch. If I apply the patch > it works fine except the changes in the Makefile which seem to be applied > already. > > My problem is now, that in my config (using make xconfig) is no option to > enable IMA as stated in the Readme. > > Thanks for any help. > > -- > MfG > Till > > ********************************************** > Der Benutzer ist eine nicht zu > tolerierende Quelle der Unsicherheit > ********************************************** > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > _______________________________________________ > Linux-ima-user mailing list > Lin...@li... > https://lists.sourceforge.net/lists/listinfo/linux-ima-user > > > -- MfG Till ********************************************** Der Benutzer ist eine nicht zu tolerierende Quelle der Unsicherheit ********************************************** |
|
From: Reiner S. <sa...@us...> - 2007-07-30 22:07:12
|
Hi,
let us do some cross-checking for the configuration:
- do you see NSA SELinux as an option (under security)?
- do you have SHA1 enabled --y-- (in crypto options)?
- do you TPM eneabled --y-- (in drivers/char)?
Unfortunately, it seems that dependent configs only become visible once
the dependencies are resolved.
If all the answers above are yes, then it is time for creating a new patch
...
Let me know
Reiner
"Till Bentz" <ti...@on...>
Sent by: lin...@li...
07/30/2007 06:00 PM
Please respond to
ti...@on...
To
lin...@li...
cc
Subject
[Linux-ima-user] Problems using IMA
Hello,
I am trying to get IMA running on my T60 laptop. As far as I understood it
has a TPM that is working using TPM_Tis.
I have kernel 2.6.22 and ibm_ima_8.0_2.6.21.3.patch. If I apply the patch
it works fine except the changes in the Makefile which seem to be applied
already.
My problem is now, that in my config (using make xconfig) is no option to
enable IMA as stated in the Readme.
Thanks for any help.
--
MfG
Till
**********************************************
Der Benutzer ist eine nicht zu
tolerierende Quelle der Unsicherheit
**********************************************
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Linux-ima-user mailing list
Lin...@li...
https://lists.sourceforge.net/lists/listinfo/linux-ima-user
|
|
From: Till B. <ti...@on...> - 2007-07-30 22:01:02
|
Hello,
I am trying to get IMA running on my T60 laptop. As far as I understood it
has a TPM that is working using TPM_Tis.
I have kernel 2.6.22 and ibm_ima_8.0_2.6.21.3.patch. If I apply the patch it
works fine except the changes in the Makefile which seem to be applied
already.
My problem is now, that in my config (using make xconfig) is no option to
enable IMA as stated in the Readme.
Thanks for any help.
--
MfG
Till
**********************************************
Der Benutzer ist eine nicht zu
tolerierende Quelle der Unsicherheit
**********************************************
|
|
From: Reiner S. <sa...@us...> - 2007-07-30 15:49:34
|
Hi Till, I find your experience information with Java TSS / Wrapper very useful! It is good to share such information on the list and help others. >I think it was me who had the question and Saurabh who had the solution :) Sorry about this. Thanks Saurabh! Greetings Reiner __________________________________________________________ Reiner Sailer, Research Staff Member, Secure Systems Department IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532 Phone: 914 784 6280 (t/l 863) Fax: 914 784 6205, sa...@us... http://www.research.ibm.com/people/s/sailer/ "Till Bentz" <ti...@on...> Sent by: til...@go... 07/30/2007 11:42 AM Please respond to ti...@on... To Reiner Sailer/Watson/IBM@IBMUS cc sau...@ie..., lin...@li... Subject Re: [Linux-ima-user] How to read the xxxx_runtime_measurements Hello Reiner, I am using trousers as well as trusted Java. I had problems to get the stand alone Java TSS running so I use the wrapper to use Java with trousers. That works quite OK. It seems to be very slow, but so far that's the only problem I encountered. On 7/30/07, Reiner Sailer <sa...@us...> wrote: Hi Saurabh, I assume Java has problems reading the sysfs pseudo-device file. I experienced similar problems when trying 'scp' (secure copy from remote). Till shows a simple workaround that work fine. I think it was me who had the question and Saurabh who had the solution :) Another solution could be using the TrouSerS open-source software stack (http://trousers.sourceforge.net/). To my knowledge you can get both the TPM and the IMA measurements through TrouSerS. I didn't know that. But maybe I will look into that. Even though I must say I am running out of time at the moment :) Another team in Europe developed a java wrapper for the TrouSerS c-library at http://trustedjava.sourceforge.net (I did not try it yet). This team also shows a full stand-alone java TSS stack on their web site but I do not know if this TSS supports IMA measurements. If you install a TSS stack, it helps you to get other services from the TPM as well, such as quotes. I do my quote via trustedJava with trousers. It seems to work. The only problem I have is, that I do not have any of the credentials, so I have to cheat a bit at that point. Reiner __________________________________________________________ Reiner Sailer, Research Staff Member, Secure Systems Department IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532 Phone: 914 784 6280 (t/l 863) Fax: 914 784 6205, sa...@us... http://www.research.ibm.com/people/s/sailer "Saurabh Arora" <tan...@gm...> Sent by: lin...@li... 07/30/2007 08:17 AM Please respond to sau...@ie... To ti...@on... cc lin...@li... Subject Re: [Linux-ima-user] How to read the xxxx_runtime_measurements Hello Till On 7/30/07, Till Bentz <ti...@on...> wrote: > Hello, > > I was wondering if someone could help me with figuring out how to read the > xxxx_runtime measurements from inside a Java program. I implemented a Java > tool, that does the TPM quote. Now I want to read the measurements done by > IMA but I somehow can't read the file. I think a problem might be that the > file has a size of 0 and therefore is not readable with Java (?) to do the same, I used linux command line inside my java program, like this : ------------ String[] cmdArray = {"cp", "/sys/kernel/security/ima/ascii_runtime_measurements", "/root/iml.txt"}; Runtime.getRuntime().exec(cmdArray); ------------ and then use the iml txt file as you wish to. HTH best Saurabh ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Linux-ima-user mailing list Lin...@li... https://lists.sourceforge.net/lists/listinfo/linux-ima-user -- MfG Till ********************************************** Der Benutzer ist eine nicht zu tolerierende Quelle der Unsicherheit ********************************************** |
|
From: Till B. <ti...@on...> - 2007-07-30 15:42:31
|
Hello Reiner, I am using trousers as well as trusted Java. I had problems to get the stand alone Java TSS running so I use the wrapper to use Java with trousers. That works quite OK. It seems to be very slow, but so far that's the only problem I encountered. On 7/30/07, Reiner Sailer <sa...@us...> wrote: > > Hi Saurabh, > > I assume Java has problems reading the sysfs pseudo-device file. I > experienced similar problems when trying 'scp' (secure copy from remote). > > Till shows a simple workaround that work fine. I think it was me who had the question and Saurabh who had the solution :) Another solution could be using the TrouSerS open-source software stack > (http://trousers.sourceforge.net/). To my knowledge you can get both the > TPM and the IMA measurements through TrouSerS. I didn't know that. But maybe I will look into that. Even though I must say I am running out of time at the moment :) Another team in Europe > developed a java wrapper for the TrouSerS c-library at > http://trustedjava.sourceforge.net (I did not try it yet). This team also > shows a full stand-alone java TSS stack on their web site but I do not > know if this TSS supports IMA measurements. > > If you install a TSS stack, it helps you to get other services from the > TPM as well, such as quotes. I do my quote via trustedJava with trousers. It seems to work. The only problem I have is, that I do not have any of the credentials, so I have to cheat a bit at that point. Reiner > __________________________________________________________ > Reiner Sailer, Research Staff Member, Secure Systems Department > IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532 > Phone: 914 784 6280 (t/l 863) Fax: 914 784 6205, sa...@us... > http://www.research.ibm.com/people/s/sailer > > > > "Saurabh Arora" <tan...@gm...> > Sent by: lin...@li... > 07/30/2007 08:17 AM > Please respond to > sau...@ie... > > > To > ti...@on... > cc > lin...@li... > Subject > Re: [Linux-ima-user] How to read the xxxx_runtime_measurements > > > > > > > Hello Till > > On 7/30/07, Till Bentz <ti...@on...> wrote: > > Hello, > > > > I was wondering if someone could help me with figuring out how to read > the > > xxxx_runtime measurements from inside a Java program. I implemented a > Java > > tool, that does the TPM quote. Now I want to read the measurements done > by > > IMA but I somehow can't read the file. I think a problem might be that > the > > file has a size of 0 and therefore is not readable with Java (?) > > to do the same, I used linux command line inside my java program, like > this : > ------------ > String[] cmdArray = {"cp", > "/sys/kernel/security/ima/ascii_runtime_measurements", > "/root/iml.txt"}; > Runtime.getRuntime().exec(cmdArray); > ------------ > > and then use the iml txt file as you wish to. > > HTH > > best > Saurabh > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > _______________________________________________ > Linux-ima-user mailing list > Lin...@li... > https://lists.sourceforge.net/lists/listinfo/linux-ima-user > > > -- MfG Till ********************************************** Der Benutzer ist eine nicht zu tolerierende Quelle der Unsicherheit ********************************************** |
|
From: Reiner S. <sa...@us...> - 2007-07-30 15:33:07
|
Hi Saurabh, I assume Java has problems reading the sysfs pseudo-device file. I experienced similar problems when trying 'scp' (secure copy from remote). Till shows a simple workaround that work fine. Another solution could be using the TrouSerS open-source software stack (http://trousers.sourceforge.net/). To my knowledge you can get both the TPM and the IMA measurements through TrouSerS. Another team in Europe developed a java wrapper for the TrouSerS c-library at http://trustedjava.sourceforge.net (I did not try it yet). This team also shows a full stand-alone java TSS stack on their web site but I do not know if this TSS supports IMA measurements. If you install a TSS stack, it helps you to get other services from the TPM as well, such as quotes. Reiner __________________________________________________________ Reiner Sailer, Research Staff Member, Secure Systems Department IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532 Phone: 914 784 6280 (t/l 863) Fax: 914 784 6205, sa...@us... http://www.research.ibm.com/people/s/sailer/ "Saurabh Arora" <tan...@gm...> Sent by: lin...@li... 07/30/2007 08:17 AM Please respond to sau...@ie... To ti...@on... cc lin...@li... Subject Re: [Linux-ima-user] How to read the xxxx_runtime_measurements Hello Till On 7/30/07, Till Bentz <ti...@on...> wrote: > Hello, > > I was wondering if someone could help me with figuring out how to read the > xxxx_runtime measurements from inside a Java program. I implemented a Java > tool, that does the TPM quote. Now I want to read the measurements done by > IMA but I somehow can't read the file. I think a problem might be that the > file has a size of 0 and therefore is not readable with Java (?) to do the same, I used linux command line inside my java program, like this : ------------ String[] cmdArray = {"cp", "/sys/kernel/security/ima/ascii_runtime_measurements", "/root/iml.txt"}; Runtime.getRuntime().exec(cmdArray); ------------ and then use the iml txt file as you wish to. HTH best Saurabh ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Linux-ima-user mailing list Lin...@li... https://lists.sourceforge.net/lists/listinfo/linux-ima-user |
|
From: Saurabh A. <tan...@gm...> - 2007-07-30 12:43:22
|
Hello Till On 7/30/07, Till Bentz <ti...@on...> wrote: > Hello Saurabh, > > thanks for your help. I have one more question :) > Do you have to execute your program as root, or is there is possibility to > avoid this? > you can copy it anywhere, by any name, under any user level, not necessarily root. just take care of Linux file permissions. best Saurabh |
|
From: Till B. <ti...@on...> - 2007-07-30 12:26:19
|
Hello Saurabh,
thanks for your help. I have one more question :)
Do you have to execute your program as root, or is there is possibility to
avoid this?
On 7/30/07, Saurabh Arora <tan...@gm...> wrote:
>
> Hello Till
>
> On 7/30/07, Till Bentz <ti...@on...> wrote:
> > Hello,
> >
> > I was wondering if someone could help me with figuring out how to read
> the
> > xxxx_runtime measurements from inside a Java program. I implemented a
> Java
> > tool, that does the TPM quote. Now I want to read the measurements done
> by
> > IMA but I somehow can't read the file. I think a problem might be that
> the
> > file has a size of 0 and therefore is not readable with Java (?)
>
> to do the same, I used linux command line inside my java program, like
> this :
> ------------
> String[] cmdArray = {"cp",
> "/sys/kernel/security/ima/ascii_runtime_measurements",
> "/root/iml.txt"};
> Runtime.getRuntime().exec(cmdArray);
> ------------
>
> and then use the iml txt file as you wish to.
>
> HTH
>
> best
> Saurabh
>
--
MfG
Till
**********************************************
Der Benutzer ist eine nicht zu
tolerierende Quelle der Unsicherheit
**********************************************
|
|
From: Saurabh A. <tan...@gm...> - 2007-07-30 12:17:55
|
Hello Till
On 7/30/07, Till Bentz <ti...@on...> wrote:
> Hello,
>
> I was wondering if someone could help me with figuring out how to read the
> xxxx_runtime measurements from inside a Java program. I implemented a Java
> tool, that does the TPM quote. Now I want to read the measurements done by
> IMA but I somehow can't read the file. I think a problem might be that the
> file has a size of 0 and therefore is not readable with Java (?)
to do the same, I used linux command line inside my java program, like this :
------------
String[] cmdArray = {"cp",
"/sys/kernel/security/ima/ascii_runtime_measurements",
"/root/iml.txt"};
Runtime.getRuntime().exec(cmdArray);
------------
and then use the iml txt file as you wish to.
HTH
best
Saurabh
|
|
From: Till B. <ti...@on...> - 2007-07-30 11:04:06
|
Hello,
I was wondering if someone knows how I can achieve a fixed boot order, so
that the measurement list would be the same for every boot process (or at
least for the first modules until I can load a specific one). I would like
to be able to define a boot order and decide about the trustworthiness
depending on that order. Is that possible? If yes, does anyone how to
achieve it?
Thanks a lot!
--
MfG
Till
**********************************************
Der Benutzer ist eine nicht zu
tolerierende Quelle der Unsicherheit
**********************************************
|
|
From: Till B. <ti...@on...> - 2007-07-30 08:16:59
|
Hello,
I was wondering if someone could help me with figuring out how to read the
xxxx_runtime measurements from inside a Java program. I implemented a Java
tool, that does the TPM quote. Now I want to read the measurements done by
IMA but I somehow can't read the file. I think a problem might be that the
file has a size of 0 and therefore is not readable with Java (?)
Thank you for your help!
--
MfG
Till
**********************************************
Der Benutzer ist eine nicht zu
tolerierende Quelle der Unsicherheit
**********************************************
|
|
From: Reiner S. <sa...@us...> - 2007-07-25 03:12:23
|
SGkgUmluYWxkbywNCg0KdGhlIGRlbW9uc3RyYXRpb24gc3lzdGVtIGFuZCB3ZWIgc2VydmljZSBh cmUgYXQgdGhpcyB0aW1lIHByb3ByaWV0YXJ5LiBUaGUgDQpqYXZhIHNlcnZpY2UgY2FsbGVkIGEg cHJvcHJpZXRhcnkgcXVvdGUgZGFlbW9uLCB3aGljaCBpcyBjYWxsZWQgd2l0aCBhIA0Kbm9uY2Ug YW5kIHJlc3BvbmRzIHdpdGggIGEgVFBNIFBDUiBxdW90ZSAoc29ja2V0IGludGVyZmFjZSkuIFRo ZSBqYXZhIA0Kc2VydmljZSBzaW1wbHkgcmVhZHMgdGhlIGFzY2lpIG1lYXN1cmVtZW50cyBmcm9t IGdydWIgYW5kIElNQSBvdXQgb2YgdGhlIA0KL3Byb2MgZmlsZSBzeXN0ZW0gKHRvZGF5LCB0aG9z ZSBtZWFzdXJlbWVudHMgYXJlIGV4cG9ydGVkIHRocm91Z2ggdGhlIC9zeXMgDQppbnRlcmZhY2Up Lg0KDQpUaGVyZSBhcmUgc29tZSBvcGVuc291cmNlIGNvbXBvbmVudHMgdGhhdCBjYW4gaGVscCB5 b3UgdG8gc3RhcnQgYnVpbGRpbmcgDQphdHRlc3RhdGlvbiBzZXJ2aWNlczogIHRoZSBUcm91U2Vy UyBvcGVuIHNvdXJjZSBzb2Z0d2FyZSBzdGFjayBpcyANCmF2YWlsYWJsZSBhbmQgb2ZmZXJzIHRo ZSBzZXJ2aWNlcyB5b3UgbmVlZCBpbiBhIHVzZXIgc3BhY2UgcHJvZ3JhbSB0byANCmFjY2VzcyB0 aGUgVFBNLiBZb3UgY291bGQgY29uc3VsdCB0aGUgVHJvdVNlclMgc291cmNlZm9yZ2UgcHJvamVj dCBmb3IgDQptb3JlIGluZm9ybWF0aW9uLg0KDQpBbHNvLCB0aGUgdHJhaWxlciBvZiB0aGUgZm9s bG93aW5nIHBhZ2UgaW5jbHVkZXMgbW9yZSByZWZlcmVuY2VzIHRvIA0KSU1BLXJlbGF0ZWQgc291 cmNlIGNvZGUgYW5kIHRvb2xzOg0KaHR0cDovL2RvbWluby5yZXNlYXJjaC5pYm0uY29tL2NvbW0v cmVzZWFyY2hfcGVvcGxlLm5zZi9wYWdlcy9zYWlsZXIuaW1hLmh0bWwNCg0KSSBob3BlIHRoaXMg aGVscHMuDQpSZWluZXINCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX18NClJlaW5lciBTYWlsZXIsIFJlc2VhcmNoIFN0YWZmIE1lbWJlciwg U2VjdXJlIFN5c3RlbXMgRGVwYXJ0bWVudA0KSUJNIFQgSiBXYXRzb24gUmVzZWFyY2ggQ3RyLCAx OSBTa3lsaW5lIERyaXZlLCBIYXd0aG9ybmUgTlkgMTA1MzINClBob25lOiA5MTQgNzg0IDYyODAg ICh0L2wgODYzKSAgRmF4OiA5MTQgNzg0IDYyMDUsIHNhaWxlckB1cy5pYm0uY29tIA0KaHR0cDov L3d3dy5yZXNlYXJjaC5pYm0uY29tL3Blb3BsZS9zL3NhaWxlci8NCg0KDQoNCiJyaW5iZXJnQGxp YmVyby5pdCIgPHJpbmJlcmdAbGliZXJvLml0PiANClNlbnQgYnk6IGxpbnV4LWltYS11c2VyLWJv dW5jZXNAbGlzdHMuc291cmNlZm9yZ2UubmV0DQowNy8yMy8yMDA3IDEwOjQ2IEFNDQoNClRvDQoi bGludXgtaW1hLXVzZXIiIDxsaW51eC1pbWEtdXNlckBsaXN0cy5zb3VyY2Vmb3JnZS5uZXQ+DQpj Yw0KDQpTdWJqZWN0DQpbTGludXgtaW1hLXVzZXJdIGF0dGVzdGF0aW9uIHdlYiBzZXJ2aWNlDQoN Cg0KDQoNCg0KDQpSZWFkaW5nIHRoZSBQREYgZG9jdW1lbnQ6DQoNCiJUaGUgcm9sZSBvZiBUUE0g aW4gRW50ZXJwcmlzZSBTZWN1cml0eSIgKFNhaWxlciwgVmFuIERvb3JuLCBXYXJkKQ0KDQpJIG5v dGljZWQgdGhlIHRlc3RzIG9uIElNQSBoYXMgYmVlbiBwZXJmb3JtZWQgdGhyb3VnaCBhIHdlYiBz ZXJ2aWNlIGFuZCBpbiANCnRoZSBwYXBlciB0aGVyZSBhcmUgc2NyZWVuc2hvdHMgb2YgYSBqYXZh IGRlbW8gR1VJLiBJJ2QgbGlrZSB0byBrbm93IGlmIA0KdGhlIGNvZGUgb2YgdGhpcyB3ZWJzZXJ2 aWNlIGlzIGRvd25sb2FkYWJsZSBzb21ld2hlcmUgYW5kIHdoYXQga2luZCBvZiANCmphdmEgaW50 ZXJmYWNlIGhhcyBiZWVuIHVzZWQgdG8gaW50ZXJhY3Qgd2l0aCBJTUEgYW5kIHRoZSBUUE0uDQoN ClRoYW5rIHlvdS4gQmVzdCByZWdhcmRzLA0KDQpSaW5hbGRvIEJlcmdhbWluaQ0KPHJpbmJlcmdA bGliZXJvLml0Pg0KaHR0cDovL3d3dy5jZS51bmlwci5pdC9+YmVyZ2FtLw0KDQoNCi0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KTGVnZ2kgR1JB VElTIGxlIHR1ZSBtYWlsIGNvbiBpbCB0ZWxlZm9uaW5vIGktbW9kZeKEoiBkaSBXaW5kDQpodHRw Oi8vaS1tb2RlLndpbmQuaXQvDQoNCg0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KVGhpcyBTRi5uZXQgZW1h aWwgaXMgc3BvbnNvcmVkIGJ5OiBTcGx1bmsgSW5jLg0KU3RpbGwgZ3JlcHBpbmcgdGhyb3VnaCBs b2cgZmlsZXMgdG8gZmluZCBwcm9ibGVtcz8gIFN0b3AuDQpOb3cgU2VhcmNoIGxvZyBldmVudHMg YW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMgdXNpbmcgQUpBWCBhbmQgYSBicm93c2VyLg0KRG93bmxv YWQgeW91ciBGUkVFIGNvcHkgb2YgU3BsdW5rIG5vdyA+PiAgaHR0cDovL2dldC5zcGx1bmsuY29t Lw0KX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18NCkxpbnV4 LWltYS11c2VyIG1haWxpbmcgbGlzdA0KTGludXgtaW1hLXVzZXJAbGlzdHMuc291cmNlZm9yZ2Uu bmV0DQpodHRwczovL2xpc3RzLnNvdXJjZWZvcmdlLm5ldC9saXN0cy9saXN0aW5mby9saW51eC1p bWEtdXNlcg0KDQoNCg== |
32 messages has been excluded from this view by a project administrator.
