LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for June 20, 2013

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

IMA appraisal extension

IMA appraisal extension

Posted Mar 29, 2012 20:39 UTC (Thu) by nix (subscriber, #2304)
In reply to: IMA appraisal extension by etienne
Parent article: IMA appraisal extension

No. Demand-loaded executables have always worked by mmap()ing the executable then relying on normal paging to load it into memory. The mmap()ed executable cannot be overwritten while someone has it open (any attempt returns one of -EBUSY or -ETXTBSY, though for some time this did not apply to shared libraries, so attempts to overwrite those caused segfaults, whoops). And, of course, the usual rules apply to unlink()-and-recreate: the old file is still accessed by the users who have it open.

(Log in to post comments)

IMA appraisal extension

Posted Mar 30, 2012 0:09 UTC (Fri) by nybble41 (subscriber, #55106) [Link]

I think the concern was more along the lines that you have to read the entire file into memory to verify the hash before you can use any of the data safely. Filesystems with data checksumming generally hash each block separately (with a Merkle tree or similar to link the hashes together at the inode level), but the article seemed to imply just one hash per file.

IMA appraisal extension

Posted Mar 30, 2012 12:46 UTC (Fri) by nix (subscriber, #2304) [Link]

If so, that would make initial loading of binaries slower (a lot slower for big binaries), but would not preclude use of demand paging after startup.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds