Menu
▾
▴
Re: [Linux-ima-user] IMA hash update
|
From: Patrick O. <pat...@in...> - 2015-09-22 18:11:06
|
On Tue, 2015-09-22 at 09:04 -0400, Mimi Zohar wrote: > On Tue, 2015-09-22 at 14:58 +0200, Patrick Ohly wrote: > > Would it be possible to intercept the in-kernel implementation of > > fdatasync() and trigger a hash update *and* a flushing of the xattr? > > That sounds like a good compromise, but would it be enough to resolve > the problem? I suspect that there's still a time window where a file content change has hit the disk while the corresponding xattr change has not, for example between writes and the fdatasync(). It would be much better, but probably not good enough. Primarily I wanted to raise the problem here and get opinions. My conclusion is that writing databases probably should be done where it is not in the IMA policy, even if the risk was reduced by also updating the hash on fdatasync(). -- Best Regards, Patrick Ohly The content of this message is my personal opinion only and although I am an employee of Intel, the statements I make here in no way represent Intel's position on the issue, nor am I authorized to speak on behalf of Intel on this matter. |
