Re: [PATCH 2 of 4] ima: related Makefile compile order change andReadme

[Reiner Sailer]

Pavel Machek <pavel@xxxxxx> wrote on 05/25/2005 11:06:01 AM:

> > 
> > If I understand you, then you are claiming that steps (ii) to (v) 
> > introduce buffer overflows in bash or show_etc_issue. How?
> 
> No, I'm not claiming that. You are certainly *not* introducing any new
> problems.
> 
> But some problems that used to be harmless (buffer overrun in
> show_etc_issue command) are not harmless any more.
>                         Pavel

How is a buffer overrun in a script/application less "harmless" with IMA? 
Please be specific. Preliminary IMA patches are out on the mailing lists.

The only thing that IMA does with respect to existing known buffer 
overruns is that it enables remote parties to know that there is an application 
with a known buffer overrun if this application/script was measured. Such 
information is sensitive and this is one reason why direct access to the 
measurements are restricted to authorized/trusted parties.

Thanks
Reiner

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/