Quoting Casey Schaufler (ca...@schaufler-ca.com): > > > On 5/31/2017 3:59 AM, Peter Dolding wrote: > > ... > > > > Like you see here in Australian government policy there is another > > thing called whitelisted. > > https://www.asd.gov.au/publications/protect/top_4_mitigations_linux.htm > > Matthew Garrett you might want to call IMA whitelisting Australian > > government for one does not agree. IMA is signed. The difference > > between signed and white-listed is you might have signed a lot more > > than what a particular system is white-listed to allowed used. > > > To be clear, I'm all for a security module to support this policy. > As the explicit requirement is for a whitelist, as opposed to allowing > for a properly configured system*, you can't use any of the existing > technologies to meet it. This kind of thing** is why we have a LSM > infrastructure. > > Unfortunately, the implementation proposed has very serious issues. > You can't do access control from userspace. You can't count on > identifying programs strictly by pathname. It's much more complicated > than it needs to be for the task. > > Suggestion: > > Create an security module that looks for the attribute > > security.WHITELISTED
Bonus, you can have EVM verify the validity of these xattrs, and IMA verify the interity of the file itself.
