From: Mimi Z. <zo...@li...> - 2010-04-13 13:05:06

On Fri, 2010-04-09 at 14:48 +0200, Roberto Sassu wrote:
> Hi Mimi
>
> sorry for the late reply, I was so busy last month.
> I successfully tested the EVM patch on a Fedora 12 system and it works well.

Glad it works well.

> I have created some patches for IMA: one is a bug fix in the procedure which
> handles loading of custom policies through the /sys interface (I released the
> patch in another mail but now I further investigated the code); the other one
> contains a modification of the format of the measurement list.

Did you post the patch on a mailing list? I must have missed it.

If you want to upstream the patches, could you re-post the patches here inline,
separating the bug fix from other changes - parsing the policy from the rule
matching? The current policy is an ordered list with clearly defined results.
The rule matching changes have me a bit concerned, as a less specific policy
could override a more specific one, as they both match.

> The proposal is to add other information in such list to give the verifier the
> ability to better evaluate the integrity of the remote peer. I think that
> including MAC labels of subject and object can be useful for example when
> identifying system components affected by a file corruption: it may be possible to
> successfully attest the integrity of a platform if critical processes are
> isolated from those compromised.
> Patches and related README files are available at:
>
> http://security.polito.it/tc/kma
>

Yes, this is a good start for what needs to be included in the template.
Posting the patch here inline would make reviewing easier.

Thanks!

Mimi
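The ordering concern Mimi raises above (a less specific rule overriding a more specific one when both match) is easiest to see side by side. The following is an added, constructed illustration and is not code from this thread, from IMA, or from the patches at security.polito.it. The rule grammar (an action followed by key=value conditions) is a simplified stand-in for the kernel's policy format, and the sample policy and events are made up. It contrasts ordered first-match evaluation with a "last matching rule wins" variant, and adds a small lint that reports rules a first-match policy can never reach because an earlier, more general rule shadows them.

```python
"""Ordered first-match policy evaluation versus a "last match wins" variant.

Added, constructed illustration of the ordering concern raised in the thread;
not code from the thread, from IMA, or from the patches at security.polito.it.
The rule grammar (an action followed by key=value conditions) is a simplified
stand-in for the kernel's policy format, and the sample events are made up.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str                              # "measure" or "dont_measure"
    conditions: tuple = ()                   # ((key, value), ...)

    def matches(self, event: dict) -> bool:
        # Every condition named by the rule must hold; a rule with no
        # conditions is the least specific and matches every event.
        return all(event.get(k) == v for k, v in self.conditions)


def parse_rule(line: str) -> Rule:
    action, *tokens = line.split()
    if action not in ("measure", "dont_measure"):
        raise ValueError(f"unknown action {action!r} in rule {line!r}")
    conds = []
    for tok in tokens:
        key, sep, value = tok.partition("=")
        if not sep or not key or not value:
            raise ValueError(f"malformed condition {tok!r} in rule {line!r}")
        conds.append((key, value))
    return Rule(action, tuple(conds))


def parse_policy(text: str) -> list:
    """Parse one rule per line, skipping blanks and '#' comments. Order is kept."""
    return [parse_rule(ln) for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]


def decide_first_match(policy, event, default="dont_measure"):
    """Ordered-list semantics: the first matching rule decides."""
    for rule in policy:
        if rule.matches(event):
            return rule.action
    return default


def decide_last_match(policy, event, default="dont_measure"):
    """Alternative semantics: every matching rule is applied in turn, so the
    last matching rule decides regardless of how specific it is."""
    decision = default
    for rule in policy:
        if rule.matches(event):
            decision = rule.action
    return decision


def shadowed_rules(policy):
    """Lint for first-match policies: indices of rules that can never fire
    because an earlier rule's conditions are a subset of theirs."""
    shadowed = []
    for i, rule in enumerate(policy):
        later = set(rule.conditions)
        if any(set(earlier.conditions) <= later for earlier in policy[:i]):
            shadowed.append(i)
    return shadowed


# Constructed sample policy: the specific rule is listed before the general one.
SAMPLE_POLICY = """
# measure files root reads, skip everybody else's reads
measure func=FILE_CHECK uid=0
dont_measure func=FILE_CHECK
"""


def demo():
    policy = parse_policy(SAMPLE_POLICY)
    root_read = {"func": "FILE_CHECK", "uid": "0"}      # constructed event
    user_read = {"func": "FILE_CHECK", "uid": "1000"}   # constructed event
    return {
        # ordered first-match: the specific rule wins for root
        "first_match_root": decide_first_match(policy, root_read),
        # last-match: the less specific dont_measure silently overrides it
        "last_match_root": decide_last_match(policy, root_read),
        "first_match_user": decide_first_match(policy, user_read),
        # with the order reversed, the specific rule becomes unreachable
        "shadowed_when_reversed": shadowed_rules(list(reversed(policy))),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Under first-match semantics the result is determined entirely by position, which is why the ordered list gives "clearly defined results": the only mistake a policy author can make is placing a general rule ahead of a specific one, and `shadowed_rules` flags exactly that. Under last-match semantics the general `dont_measure` rule quietly drops root's file reads from the measurement list even though a more specific rule asked for them.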