Pavel Machek made the same kind of objection on lkml, saying: "What is it good for, then? So I have to put my backdoor into a script, not into an executable..."
Reiner Sailer replied: "Scripts can be measured as well (from user space). For example, by equipping the bash shell with 5-10 lines of code, bash initiates IMA measurements on scripts and files that are sourced into bash before they are 'executed' by bash. This way, startup scripts and executed scripts can be logged as measurements and the measurement list will include them."
That led to more discussion of many things, with Pavel concluding: "Well, you'll have to add measurement of any security-sensitive config file, any script, and will have to make sure that all parsing of system config files does not contain buffer-overrun problems. That's a lot of work before IMA is useful. It is true you do not make the situation any worse."
What I wonder is, if you can measure arbitrary files from user space, what is to stop you from using altered scripts but also having the valid scripts put into the list?
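The measure-then-execute ordering Reiner describes, and the substitution worry raised just above, as an added example that is not code from the article, from the IMA patches, or from the bash instrumentation Reiner mentions. It is a simplified Python model: the measurement list is a sequence of SHA-1 digests chained into a PCR-style aggregate (a stand-in for IMA's real template format, which it does not reproduce), the filesystem is a constructed in-memory dictionary, and the script path and contents are made up. The point it shows is that a user-space agent which hashes a path and then re-opens that path to run it leaves a window in which the list stays internally consistent (the aggregate replays correctly) while recording something other than what actually ran; hashing the exact bytes it then executes closes that window.

```python
import hashlib

# Added example; not IMA's actual measurement template. The aggregate
# mimics a TPM PCR extend:  pcr = SHA1(pcr || digest), starting from zeros.
PCR_INIT = bytes(20)


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


class MeasurementLog:
    def __init__(self):
        self.entries = []      # (name, digest) in measurement order
        self.pcr = PCR_INIT    # aggregate, as the TPM would hold it

    def measure(self, name: str, content: bytes) -> bytes:
        digest = sha1(content)
        self.entries.append((name, digest))
        self.pcr = sha1(self.pcr + digest)
        return digest


def replay_aggregate(entries) -> bytes:
    """Attestation-side check: recompute the aggregate from the list alone."""
    pcr = PCR_INIT
    for _, digest in entries:
        pcr = sha1(pcr + digest)
    return pcr


class FakeFS:
    """Constructed stand-in for the filesystem. An attacker may rewrite a
    file between the agent's measurement and the read that executes it."""
    def __init__(self, files):
        self.files = dict(files)

    def read(self, path: str) -> bytes:
        return self.files[path]


def source_by_path(fs, log, path, hook=None):
    """Unsafe agent: measure the path, then re-read the path to execute.
    `hook` stands for whatever races the agent between the two reads.
    Returns the digest of what was actually executed."""
    log.measure(path, fs.read(path))
    if hook:
        hook()
    executed = fs.read(path)   # may no longer be the bytes that were measured
    return sha1(executed)


def source_by_content(fs, log, path, hook=None):
    """Safer agent: read once, measure those bytes, execute those same bytes."""
    content = fs.read(path)
    log.measure(path, content)
    if hook:
        hook()
    return sha1(content)


# Constructed sample scripts; the path and contents are assumptions.
SCRIPT = '/etc/profile.d/init.sh'
GOOD = b'#!/bin/bash\necho hello\n'
EVIL = b'#!/bin/bash\necho pwned\n'


def demo(agent):
    """Run one agent against a swap-in-the-window attacker.
    Returns (logged digest matches executed bytes, aggregate replays)."""
    fs = FakeFS({SCRIPT: GOOD})
    log = MeasurementLog()
    swap = lambda: fs.files.__setitem__(SCRIPT, EVIL)
    executed = agent(fs, log, SCRIPT, hook=swap)
    logged = log.entries[-1][1]
    return logged == executed, replay_aggregate(log.entries) == log.pcr


if __name__ == '__main__':
    print('measure path, re-open path :', demo(source_by_path))     # (False, True)
    print('measure bytes, run bytes   :', demo(source_by_content))  # (True, True)
```

Both runs leave a list whose aggregate replays correctly, so a remote verifier comparing the list against the aggregate learns nothing about the swap; only the second agent guarantees the logged digest is the digest of what ran. That is the practical answer to the question above: a user-space measurement request is only as trustworthy as the measured-and-trusted agent that issues it, and that agent has to hash the bytes it is about to execute rather than a name it will look up again.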
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds