From: Patrick O. <pat...@in...> - 2015-08-06 19:47:52

On Thu, 2015-08-06 at 14:23 -0400, Mimi Zohar wrote:
> The existing IMA/EVM can provide complete protection against on-line and
> off-line attacks, given the right policy. If the policy says that root
> cannot read or execute any file unless it is signed, then you have a
> complete Biba model. We don't do this by default, as most systems are
> badly designed and won't even boot with such a policy.

You are right. I had come to the same conclusion (complete protection of a
read-only file system works), but forgot to mention it here because the
focus of the mail thread was on systems with read/write files.

-- 
Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although I am
an employee of Intel, the statements I make here in no way represent
Intel's position on the issue, nor am I authorized to speak on behalf of
Intel on this matter.
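As an added illustration (not code from the thread or from either author), this is what a policy of the kind Mimi describes looks like in IMA's rule syntax: root (uid 0) may only read, mmap-as-executable or execute files that carry a valid IMA signature, together with the dont_appraise exclusions for pseudo-filesystems that a system needs in order to boot at all. The deployment path, the exact rule set and the sh wrapper are assumptions of this example; it presumes a kernel booted with ima_appraise=enforce and the signing key loaded on the .ima keyring.

```shell
#!/bin/sh
# Added example: a strict IMA appraisal policy (root may not read or execute
# anything unsigned) and a small loader. Paths are assumptions, not from the thread.

POLICY_FILE="${POLICY_FILE:-/etc/ima/ima-policy}"   # assumed deployment path
IMA_SECFS=/sys/kernel/security/ima/policy            # kernel's policy interface

ima_strict_policy() {
    cat <<'EOF'
# Pseudo-filesystems carry no signed content; without these exclusions the
# kernel cannot even mount the early boot environment.
dont_appraise fsmagic=0x9fa0
dont_appraise fsmagic=0x62656572
dont_appraise fsmagic=0x64626720
dont_appraise fsmagic=0x01021994
dont_appraise fsmagic=0x858458f6
dont_appraise fsmagic=0x1cd1
dont_appraise fsmagic=0x73636673
dont_appraise fsmagic=0xf97cff8c
# Root may not execute, mmap as executable, or read anything that lacks a
# valid signature (imasig: a hash alone is not enough).
appraise func=BPRM_CHECK uid=0 appraise_type=imasig
appraise func=MMAP_CHECK mask=MAY_EXEC uid=0 appraise_type=imasig
appraise func=FILE_CHECK mask=MAY_READ uid=0 appraise_type=imasig
# Modules and firmware are loaded on root's behalf; cover them as well.
appraise func=MODULE_CHECK appraise_type=imasig
appraise func=FIRMWARE_CHECK appraise_type=imasig
EOF
}

# Number of enforcing (appraise) rules; a cheap sanity check before loading.
ima_appraise_rule_count() {
    ima_strict_policy | grep -c '^appraise '
}

# Hand the policy to the kernel. Loaded rules cannot be removed without a
# reboot, so review the output of ima_strict_policy first.
ima_load_policy() {
    [ -w "$IMA_SECFS" ] || { echo "ima: $IMA_SECFS not writable" >&2; return 1; }
    ima_strict_policy > "$POLICY_FILE" && cat "$POLICY_FILE" > "$IMA_SECFS"
}
```

Any file root creates or modifies after this policy is active has no signature and therefore becomes unreadable to root, which is exactly the read-only-filesystem restriction the reply above refers to.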