Re: [PATCH 2/6] ima: Return INTEGRITY_FAIL if digital signature can't be verified

2013-03-05 Thread Vivek Goyal
On Tue, Mar 05, 2013 at 08:30:53AM -0500, Mimi Zohar wrote: > On Mon, 2013-03-04 at 11:20 -0500, Vivek Goyal wrote: > > On Mon, Mar 04, 2013 at 08:48:36AM -0500, Mimi Zohar wrote: > > > On Thu, 2013-02-14 at 14:55 -0500, Vivek Goyal wrote: > > > > Digital signature verification happens using

Re: [PATCH 2/6] ima: Return INTEGRITY_FAIL if digital signature can't be verified

2013-03-05 Thread Mimi Zohar
On Tue, 2013-03-05 at 08:30 -0500, Mimi Zohar wrote: > Digital signature verification happens using integrity_digsig_verify(). > If a digital signature is present in security.ima, then any error, which > happens during signature verification, should lead to status > INTEGRITY_FAIL. In the future

Re: [PATCH 2/6] ima: Return INTEGRITY_FAIL if digital signature can't be verified

2013-03-05 Thread Mimi Zohar
On Mon, 2013-03-04 at 11:20 -0500, Vivek Goyal wrote: > On Mon, Mar 04, 2013 at 08:48:36AM -0500, Mimi Zohar wrote: > > On Thu, 2013-02-14 at 14:55 -0500, Vivek Goyal wrote: > > > Digital signature verification happens using integrity_digsig_verify(). > > > Currently we set integrity to FAIL for

Re: [PATCH 2/6] ima: Return INTEGRITY_FAIL if digital signature can't be verified

2013-03-05 Thread Mimi Zohar
On Mon, 2013-03-04 at 11:20 -0500, Vivek Goyal wrote: On Mon, Mar 04, 2013 at 08:48:36AM -0500, Mimi Zohar wrote: On Thu, 2013-02-14 at 14:55 -0500, Vivek Goyal wrote: Digital signature verification happens using integrity_digsig_verify(). Currently we set integrity to FAIL for all error

Re: [PATCH 2/6] ima: Return INTEGRITY_FAIL if digital signature can't be verified

2013-03-05 Thread Mimi Zohar
On Tue, 2013-03-05 at 08:30 -0500, Mimi Zohar wrote: Digital signature verification happens using integrity_digsig_verify(). If a digital signature is present in security.ima, then any error, which happens during signature verification, should lead to status INTEGRITY_FAIL. In the future we

Re: [PATCH 2/6] ima: Return INTEGRITY_FAIL if digital signature can't be verified

2013-03-05 Thread Vivek Goyal
On Tue, Mar 05, 2013 at 08:30:53AM -0500, Mimi Zohar wrote: On Mon, 2013-03-04 at 11:20 -0500, Vivek Goyal wrote: On Mon, Mar 04, 2013 at 08:48:36AM -0500, Mimi Zohar wrote: On Thu, 2013-02-14 at 14:55 -0500, Vivek Goyal wrote: Digital signature verification happens using

Re: [PATCH 2/6] ima: Return INTEGRITY_FAIL if digital signature can't be verified

2013-03-04 Thread Vivek Goyal
On Mon, Mar 04, 2013 at 08:48:36AM -0500, Mimi Zohar wrote: > On Thu, 2013-02-14 at 14:55 -0500, Vivek Goyal wrote: > > Digital signature verification happens using integrity_digsig_verify(). > > Currently we set integrity to FAIL for all error codes except -EOPNOTSUPP. > > This sounds out of line.

Re: [PATCH 2/6] ima: Return INTEGRITY_FAIL if digital signature can't be verified

2013-03-04 Thread Mimi Zohar
On Thu, 2013-02-14 at 14:55 -0500, Vivek Goyal wrote: > Digital signature verification happens using integrity_digsig_verify(). > Currently we set integrity to FAIL for all error codes except -EOPNOTSUPP. > This sounds out of line. > > - If appropriate kernel code is not compiled in to verify

Re: [PATCH 2/6] ima: Return INTEGRITY_FAIL if digital signature can't be verified

2013-03-04 Thread Mimi Zohar
On Thu, 2013-02-14 at 14:55 -0500, Vivek Goyal wrote: Digital signature verification happens using integrity_digsig_verify(). Currently we set integrity to FAIL for all error codes except -EOPNOTSUPP. This sounds out of line. - If appropriate kernel code is not compiled in to verify signature

Re: [PATCH 2/6] ima: Return INTEGRITY_FAIL if digital signature can't be verified

2013-03-04 Thread Vivek Goyal
On Mon, Mar 04, 2013 at 08:48:36AM -0500, Mimi Zohar wrote: On Thu, 2013-02-14 at 14:55 -0500, Vivek Goyal wrote: Digital signature verification happens using integrity_digsig_verify(). Currently we set integrity to FAIL for all error codes except -EOPNOTSUPP. This sounds out of line. -