Menu
▾
▴
Re: [Linux-ima-user] Reliability of IMA/EVM against power failure
|
From: Mimi Z. <zo...@li...> - 2014-02-27 22:22:54
|
On Thu, 2014-02-27 at 12:51 -0500, Mimi Zohar wrote: > On Thu, 2014-02-27 at 16:46 +0000, Lipinski, MarekX wrote: > > Hi, > > > > I was wondering what are the possible problems for the IMA > > appraise/EVM-enabled system in case of sudden power failure or system > > crash. > > > > Is it possible that we end up having a new content written to the file > > and IMA or EVM hash not correctly updated causing Permission denied > > after reboot? > > Assuming file system integrity is ok or it was fixed by the fsck. > > Right, any new or modified file would need to be relabeled, if the file > wasn't closed properly. Currently, fixing the 'security.evm' xattr > requires loading the EVM key and booting in fix mode. This would land > up fixing all problems. I'm thinking we probably want something in > between fixing everything to fixing specific files. Then again, we wouldn't be able to differentiate between a failure or an attack. Accessing the file via the file system should be prevented, but an admin, with privilege, would still be able to access the file via the raw device. Mimi |
