Re: [PATCH 00/14] EVM

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Shaz

Date: Thursday, June 3, 2010 - 11:53 pm

> Yes, verifying one file containing the hashes would be faster than
quoted text> verifying individual hashes stored as extended attributes (xattrs), but
> this does not take into account that files on a running system are being
> modified or added. On a small form factor, the number of files is
> limited, but would this scale well? In addition, what protects that one
> file containing all the hashes from being modified?  So, if you limit

How about sealing to protect this file?

quoted text> the types of files to those that don't change, and the number of file
> hashes, then using a single file would be faster.



-- 
Shaz
--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH 00/14] EVM, Mimi Zohar, (Wed Apr 21, 2:49 pm)

[PATCH 01/14] integrity: move ima inode integrity data man ..., Mimi Zohar, (Wed Apr 21, 2:49 pm)

[PATCH 02/14] security: move LSM xattrnames to xattr.h, Mimi Zohar, (Wed Apr 21, 2:49 pm)

[PATCH 03/14] xattr: define vfs_getxattr_alloc and vfs_xat ..., Mimi Zohar, (Wed Apr 21, 2:49 pm)

[PATCH 04/14] evm: re-release, Mimi Zohar, (Wed Apr 21, 2:49 pm)

[PATCH 05/14] ima: move ima_file_free before releasing the ..., Mimi Zohar, (Wed Apr 21, 2:49 pm)

[PATCH 06/14] security: imbed evm calls in security hooks, Mimi Zohar, (Wed Apr 21, 2:49 pm)

[PATCH 07/14] evm: inode post removexattr, Mimi Zohar, (Wed Apr 21, 2:49 pm)

[PATCH 08/14] evm: imbed evm_inode_post_setattr, Mimi Zohar, (Wed Apr 21, 2:49 pm)

[PATCH 09/14] evm: inode_post_init, Mimi Zohar, (Wed Apr 21, 2:49 pm)

[PATCH 10/14] fs: add evm_inode_post_init calls, Mimi Zohar, (Wed Apr 21, 2:49 pm)

[PATCH 11/14] ima: integrity appraisal extension, Mimi Zohar, (Wed Apr 21, 2:49 pm)

[PATCH 12/14] ima: appraise default rules, Mimi Zohar, (Wed Apr 21, 2:49 pm)

[PATCH 13/14] ima: inode post_setattr, Mimi Zohar, (Wed Apr 21, 2:49 pm)

[PATCH 14/14] ima: add ima_inode_setxattr and ima_inode_re ..., Mimi Zohar, (Wed Apr 21, 2:49 pm)

Re: [PATCH 00/14] EVM, Randy Dunlap, (Wed Apr 21, 2:58 pm)

Re: [PATCH 00/14] EVM, Mimi Zohar, (Wed Apr 21, 3:18 pm)

Re: [PATCH 00/14] EVM, Randy Dunlap, (Wed Apr 21, 3:23 pm)

Re: [PATCH 00/14] EVM, Mimi Zohar, (Wed Apr 21, 3:41 pm)

Re: [PATCH 03/14] xattr: define vfs_getxattr_alloc and vfs ..., Serge E. Hallyn, (Mon Apr 26, 11:50 am)

Re: [PATCH 04/14] evm: re-release, Serge E. Hallyn, (Mon Apr 26, 2:03 pm)

Re: [PATCH 00/14] EVM, James Morris, (Sun May 30, 5:20 pm)

Re: [PATCH 00/14] EVM, Shaz, (Mon May 31, 3:02 am)

Re: [PATCH 00/14] EVM, Shaz, (Mon May 31, 3:08 am)

Re: [PATCH 00/14] EVM, Mimi Zohar, (Tue Jun 1, 12:28 pm)

Re: [PATCH 00/14] EVM, Dmitry Kasatkin, (Wed Jun 2, 12:03 am)

Re: [PATCH 00/14] EVM, Shaz, (Wed Jun 2, 12:50 am)

Re: [PATCH 00/14] EVM, Dmitry Kasatkin, (Wed Jun 2, 2:12 am)

Re: [PATCH 00/14] EVM, Shaz, (Wed Jun 2, 3:15 am)

Re: [PATCH 00/14] EVM, Dmitry Kasatkin, (Wed Jun 2, 3:23 am)

Re: [PATCH 00/14] EVM, Mimi Zohar, (Wed Jun 2, 7:02 am)

Re: [PATCH 00/14] EVM, James Morris, (Thu Jun 3, 5:57 pm)

Re: [PATCH 00/14] EVM, Shaz, (Thu Jun 3, 11:53 pm)

Re: [PATCH 00/14] EVM, Shaz, (Thu Jun 3, 11:56 pm)

Re: [PATCH 04/14] evm: re-release, Stephen Smalley, (Fri Jun 4, 7:28 am)

Re: [PATCH 04/14] evm: re-release, Mimi Zohar, (Fri Jun 4, 7:53 am)

Re: [PATCH 00/14] EVM, Mimi Zohar, (Fri Jun 4, 8:09 am)

Re: [PATCH 04/14] evm: re-release, Stephen Smalley, (Fri Jun 4, 8:20 am)

Re: [PATCH 04/14] evm: re-release, David Safford, (Fri Jun 4, 11:08 am)

Re: [PATCH 00/14] EVM, Shaz, (Fri Jun 4, 11:47 am)

Re: [ProbableSpam] Re: [PATCH 00/14] EVM, David Safford, (Fri Jun 4, 1:25 pm)


linux-kernel:
Ken Chen	[patch] sched: fix inconsistency when redistribute per-cpu tg->cfs_rq shares.
Nick Piggin	Re: [PATCH 2/2] smp_call_function: use rwlocks on queues rather than rcu
Kyle Moffett	Re: [PATCH 1/4] stringbuf: A string buffer implementation
Ingo Molnar	Re: [PATCH 00/12] mm/x86: bootmem
Andrew Morton	Re: [patch 1/5] wait: use lock bitops for __wait_on_bit_lock
git:
Stephen Boyd	Re: [PATCH] Speed up bash completion loading
Jakub Narebski	Re: Avery Pennarun's git-subtree?
Junio C Hamano	Re: [PATCH v2 04/13] Teach rebase interactive the mark command
Catalin Marinas	Re: [ANNOUNCE] Stacked GIT 0.14.2
Eric Wong	[PATCH 5/5] rerere: add the diff command
git-commits-head:
Linux Kernel Mailing List	[POWERPC] fsl_soc: add support to gianfar for fixed-link property
Linux Kernel Mailing List	fat: fix parse_options()
Linux Kernel Mailing List	ipmi: add oem message handling
Linux Kernel Mailing List	powerpc/85xx/86xx: Fix build w/ CONFIG_PCI=n
Linux Kernel Mailing List	KVM: x86 emulator: during rep emulation decrement ECX only if emulation succeeded
linux-netdev:
Paweł Staszewski	Re: DCA/IOAT problem
Jarek Poplawski	Re: [PATCH iproute2] Re: HTB accuracy for high speed
Ingo Oeser	Re: [NET-NEXT PATCH 3/3] e1000e: add support for new 82574L part
Rick Jones	Re: UDP path MTU discovery
Dmitry Kozlov	Re: [PATCH v8] PPTP: PPP over IPv4 (Point-to-Point Tunneling Protocol)
openbsd-misc:
David Vasek	Re: how to undelete?
Gruppo BCC	Banca inviato una notifica che e necessario completare
Pau Amaro-Seoane	Re: First install: Grub doesn't find partitions
Nick Holland	Re: Unattended OpenBSD Installation
stuart van Zee	Re: CVS hosed