Re: [PATCH v6 0/8] IMA: support for measuring kernel integrity critical data

2020-11-23 Thread Mimi Zohar
On Mon, 2020-11-23 at 18:18 +0100, Pavel Machek wrote: > > > Basically every other data structure in kernel is "critical" by your > > > definition, and you can't really measure them all; some of them change > > > rather often. Going piecemeal does not really help here. > > > > Agreed, measuring da

Re: [PATCH v6 0/8] IMA: support for measuring kernel integrity critical data

2020-11-23 Thread Pavel Machek
Hi! > > > >How is it supposed to be useful? > > > > > > > >I'm pretty sure there are critical data that are not measured by > > > >proposed module... and that are written under normal circumstances. > > > > > > > The goal of this series is to introduce the IMA hook > > > measure_critical_data() an

Re: [PATCH v6 0/8] IMA: support for measuring kernel integrity critical data

2020-11-23 Thread Mimi Zohar
Hi Pavel, On Sun, 2020-11-22 at 22:00 +0100, Pavel Machek wrote: > Hi! > > > >How is it supposed to be useful? > > > > > >I'm pretty sure there are critical data that are not measured by > > >proposed module... and that are written under normal circumstances. > > > > > The goal of this series is

Re: [PATCH v6 0/8] IMA: support for measuring kernel integrity critical data

2020-11-22 Thread Pavel Machek
Hi! > >How is it supposed to be useful? > > > >I'm pretty sure there are critical data that are not measured by > >proposed module... and that are written under normal circumstances. > > > The goal of this series is to introduce the IMA hook > measure_critical_data() and the necessary policies to

Re: [PATCH v6 0/8] IMA: support for measuring kernel integrity critical data

2020-11-22 Thread Tushar Sugandhi
Thanks Pavel for looking at this series. On 2020-11-20 4:46 a.m., Pavel Machek wrote: On Thu 2020-11-19 15:26:03, Tushar Sugandhi wrote: Kernel integrity critical data can be defined as the in-memory kernel data which if accidentally or maliciously altered, can compromise the integrity of the s

Re: [PATCH v6 0/8] IMA: support for measuring kernel integrity critical data

2020-11-20 Thread Pavel Machek
On Thu 2020-11-19 15:26:03, Tushar Sugandhi wrote: > Kernel integrity critical data can be defined as the in-memory kernel > data which if accidentally or maliciously altered, can compromise the > integrity of the system. Is that a useful definition? > There are several kernel subsystems that co

[PATCH v6 0/8] IMA: support for measuring kernel integrity critical data

2020-11-19 Thread Tushar Sugandhi
Kernel integrity critical data can be defined as the in-memory kernel data which if accidentally or maliciously altered, can compromise the integrity of the system. There are several kernel subsystems that contain integrity critical data - e.g. LSMs like SELinux, or AppArmor; or device-mapper targ