A possible step toward integrity measurement for Fedora
The purpose of IMA is to measure whether the integrity of the system is intact, where "integrity" means that the important files in the system have not been corrupted. At its core, this measurement is carried out by reading a file's contents, computing a hash, and comparing that hash to the expected value; if the values match, the file has not been altered. This measurement can be used to prevent the execution (or reading) of corrupted files; it can also be used as part of a remote attestation scheme to convince a remote party that the local system has not been subjected to unauthorized modifications.
To perform this measurement, IMA clearly must know what the expected hash for each file is; those hashes are signed with a key trusted by the kernel and stored as extended attributes. Generally, the private key used to sign these hashes is kept in some secure location, while the public key is either stored in a device like a trusted platform module (TPM) or built into the kernel binary. If all works as intended, IMA can thus be used to ensure that systems only run executables that have been blessed by some central authority, that those executables only read configuration files that have been similarly blessed, and so on. It is a mechanism for ensuring that the owner of a system keeps control of it; whether this is a good thing or not depends entirely on who the "owner" is defined to be.
The actual proposal
does not go so far as to implement IMA on Fedora systems;
it is limited to including signatures with every file that is shipped in Fedora
packages. These signatures "will be made with a key that’s kept by
the Fedora Infrastructure team, and installed on the sign vaults
".
Fedora users would then be able to use IMA to keep their systems from using
files that have been modified since they were packaged. An actual IMA
setup for Fedora can be expected to come at some future time.
Using stereotypes is always a hazardous business, but it is still probably safe to say that a typical Fedora user is uninterested in the prospect of some central authority controlling which programs may be run on their systems. That said, there may be situations where IMA could be useful. It seems that the push for these signatures is coming from the parts of the Fedora project working on initiatives like Fedora CoreOS, where much of the system is, in fact, meant to be immutable. It seems unlikely that there will be much call for IMA in, say, the desktop edition, but one never knows. It would be surprising indeed if that edition were to enable IMA by default.
In other words, Fedora users need not fear having IMA pushed on them against their will. But there are still reasons for concern about this proposal. One of those is the simple problem of bloating Fedora packages with that signature data; Panu Matilainen looked into it and found that the overhead is 1,745 bytes for each file, nearly doubling the size of smaller packages. A typical Fedora installation has many files; the extra overhead caused by the signatures adds up to a lot of extra disk space and bandwidth that may well not be useful to a large percentage of Fedora users. That has led to suggestions that perhaps the signatures should be stored in separate packages that could be installed if desired.
Florian Weimer, meanwhile, suggested that, to remain in compliance with the GPLv3 license, Fedora would have to make the signing key available on request. It's not clear that releasing that key would actually be required, though. In any case, that would be a concern for anybody distributing locked-down Fedora systems, and not the Fedora project itself. Meanwhile, as Colin Walters pointed out, any IMA implementation in Fedora would have to make it possible for users to supply their own keys.
There were also some questions about whether IMA is the best technology for this sort of assurance; a couple of participants suggested looking at fs-verity instead. It provides more efficient signature storage and verification with every read; support for fs-verity in RPM is evidently in the works. This is an option that needs to be more fully considered, given that Fedora probably needs to make a choice between IMA and fs-verity. Getting one signature into Fedora packages is a bit of a hard sell; adding a second for yet another integrity scheme would be rather harder yet.
There has been no decision made on this proposal as of this writing; that
will likely have to happen at a meeting of the engineering steering
committee. Given the concerns that have been raised, and the bloat
concern in particular, it would not be surprising to see this idea pushed
back for another release cycle. That is a lot of extra data for every
Fedora user to download and store, and there is currently no established
way for those users to actually benefit from it. Support for integrity
measurement may eventually come to Fedora, but the feature seems less than
fully baked at the moment.
| Index entries for this article | |
|---|---|
| Security | Distribution security |
| Security | Integrity |
Posted Jan 8, 2021 16:19 UTC (Fri)
by amacater (subscriber, #790)
[Link] (8 responses)
Posted Jan 8, 2021 23:15 UTC (Fri)
by rahulsundaram (subscriber, #21946)
[Link] (7 responses)
This hasn't been true in well over a decade
https://fedoraproject.org/wiki/Features/StrongerHashes
Posted Jan 9, 2021 1:35 UTC (Sat)
by zlynx (guest, #2285)
[Link]
rpm -V still reports a "5" for hash mismatch but it is not MD5.
Posted Jan 9, 2021 9:22 UTC (Sat)
by Wol (subscriber, #4433)
[Link] (5 responses)
> This hasn't been true in well over a decade
And to what extend is it relevant? How easy is it to produce a signature collision with those hashes? Sorry I haven't been following it particularly, but producing a collision is harder than just breaking the hash. Or have they now got automated "hack a collision" malware out there now?
Cheers,
Posted Jan 9, 2021 10:15 UTC (Sat)
by dtlin (subscriber, #36537)
[Link] (1 responses)
MD5 is broken to the extent that chosen prefix collisions can be found on commodity hardware. https://github.com/corkami/collisions
SHA-1 isn't *that* broken yet, but it's getting there. https://sha-mbles.github.io/
Posted Jan 9, 2021 11:44 UTC (Sat)
by Wol (subscriber, #4433)
[Link]
Cheers,
Posted Jan 9, 2021 12:47 UTC (Sat)
by Sesse (subscriber, #53779)
[Link] (2 responses)
Producing a collision is typically the _easiest_ attack that would be considered breaking the hash, no?
Posted Jan 10, 2021 19:28 UTC (Sun)
by iabervon (subscriber, #722)
[Link] (1 responses)
Posted Jan 10, 2021 20:13 UTC (Sun)
by Creideiki (subscriber, #38747)
[Link]
Posted Jan 8, 2021 16:40 UTC (Fri)
by calumapplepie (guest, #143655)
[Link] (12 responses)
Also, on Debian, apt-secure signs and verifies every package on installation. Does Fedora lack a similar system? Because if not, then why are the signitures for this plan problematic?
Thanks for any clarifications.
Posted Jan 8, 2021 23:23 UTC (Fri)
by nivedita76 (subscriber, #121790)
[Link] (4 responses)
Posted Jan 8, 2021 23:31 UTC (Fri)
by nivedita76 (subscriber, #121790)
[Link]
Posted Jan 9, 2021 7:49 UTC (Sat)
by epa (subscriber, #39769)
[Link] (2 responses)
Posted Jan 9, 2021 8:08 UTC (Sat)
by zdzichu (subscriber, #17118)
[Link] (1 responses)
Posted Jan 9, 2021 14:14 UTC (Sat)
by walters (subscriber, #7396)
[Link]
In the age of containerization, not every compromise is "I have full root". In the Fedora thread I gave the example of the runc vulnerability which likely also would have been blocked by an enforced fsverity/IMA type policy.
Now of course, some non-small percentage (30%) of "escalate local to root" type vulnerabilities are pure memory corruption type things in the kernel that almost nothing will stop except fixing the bug. https://en.wikipedia.org/wiki/Dirty_COW is a good example of this - SELinux, seccomp, namespaces, Secure Boot, fsverity/IMA - none of that stops a bug like Dirty Cow.
But some other percentage of vulnerabilities *would* be stopped by an IMA-type system (and the percentage of those depends on the exact enforced policy).
A good example of a class of vulnerability that IMA could block is command injection - which can still happen in fully memory safe languages like Rust for example. I think at one point e.g. bluez (bluetooth daemon) had a DBus call that let a user just run binaries because of a command injection flaw. If the IMA-type policy required only signed code to be executed, exploiting that could be a lot harder - particularly if execution of interpreters like /bin/bash is denied.
My suggestion of a local key is to clearly demonstrate that we support *user owned* keys and also "local key in kernel keyring/TPM" can generalize to a remote signing service too.
Hmm...we should really have SELinux labels on kernel keyring objects.
Posted Jan 8, 2021 23:27 UTC (Fri)
by rahulsundaram (subscriber, #21946)
[Link] (6 responses)
Fedora has a similar system. However, what this article discusses is the proposal to go further than that and add file level signatures. From the proposal itself:
"Having all files signed with a verifiable key means that system owners can use the kernel Integrity and Measurement Architecture (IMA) to enforce only verified files can be executed, or define other policies."
Afaik, other distributions don't do this and this proposal does not do this by default in Fedora either. Android uses fsverity which accomplishes a similar objective. It isn't problematic unless it is enforced by default and users don't have a way to opt-out and neither is the case here. The technical concerns boil down to package bloat and whether using fsverity might be a better way to accomplish the same goal.
Posted Jan 9, 2021 11:14 UTC (Sat)
by smurf (subscriber, #17840)
[Link] (5 responses)
IMA uses, AFAICT from cursory reading of the docs, a single full-file hash, plus the inode version to check whether to re-verify a file. Not so good IMHO; this seems to imply that if I can gain block-level access to a file system (this is not at all difficult if it's on a DM-managed partition) I can modify a file behind IMA's back. Ugh.
Seems to me that adding a method to sign the file's fs-verity tree might be a better option.
Posted Jan 9, 2021 16:05 UTC (Sat)
by bluca (subscriber, #118303)
[Link] (4 responses)
Posted Jan 9, 2021 16:16 UTC (Sat)
by smurf (subscriber, #17840)
[Link] (3 responses)
Posted Jan 11, 2021 14:26 UTC (Mon)
by hkario (subscriber, #94864)
[Link] (1 responses)
Posted Jan 11, 2021 16:29 UTC (Mon)
by walters (subscriber, #7396)
[Link]
Note that with fs-verity even a "read-only" executable can be `unlink()`ed and a new one written in its place; this is why the docs https://www.kernel.org/doc/html/latest/filesystems/fsveri... talk about ensuring that the verity state of a file is validated by something (userspace, or basic support for automatic kernel verification).
Posted Jan 11, 2021 23:13 UTC (Mon)
by ebiggers (subscriber, #130760)
[Link]
fs-verity does have optional support for storing signatures with files and having the kernel verify that all fs-verity files are signed by a trusted key. This is much simpler than an IMA policy but also much less flexible; e.g., userspace still needs to check which files have fs-verity enabled. It's really more a proof-of-concept, which happens to be enough for some users who don't want to use IMA.
At some point it's likely that IMA will support fs-verity hashes, so that IMA and fs-verity can be used together. They're not mutually exclusive.
Posted Jan 8, 2021 16:48 UTC (Fri)
by walters (subscriber, #7396)
[Link]
Hi, I work on Fedora CoreOS, and while I don't speak for the whole team, please see:
As noted in one of the blog posts, e.g. replacing the kernel with a newer/different version to test something is a first class, fully supported operation. "immutable" is hence a misleading term.
I do want to make Linux systems that are much more resilient to accidental (and malicious) damage than many current traditional-package based systems, and I believe we have made numerous concrete changes in that direction, but there's still a lot more to do.
And particularly for Fedora CoreOS it's definitely a goal that e.g. you *don't* need to layer or override anything in the base OS and happily run your software as containers. A lot of people are at that point and we want to grow that set.
A strong IMA type policy (along with other things like trusted_for() https://lwn.net/Articles/832959/ and I also think IPE is interesting https://lwn.net/Articles/816952/ ) are something I want to push for supporting in Fedora-derived operating systems in general, and it can make particular sense for those "happy path" users that are entirely containerized.
But, again - it's your computer, not ours, and we offer first-class tooling for changing things when you need to, so immutable is not a great term. Thanks!
A possible step toward integrity measurement for Fedora
A possible step toward integrity measurement for Fedora
A possible step toward integrity measurement for Fedora
A possible step toward integrity measurement for Fedora
Wol
A possible step toward integrity measurement for Fedora
A possible step toward integrity measurement for Fedora
Wol
A possible step toward integrity measurement for Fedora
A possible step toward integrity measurement for Fedora
The literature usually uses "second preimage attack" for finding a message with a given hash, and "collision attack" for finding two messages with the same hash.
A possible step toward integrity measurement for Fedora
A possible step toward integrity measurement for Fedora
A possible step toward integrity measurement for Fedora
A possible step toward integrity measurement for Fedora
A possible step toward integrity measurement for Fedora
A possible step toward integrity measurement for Fedora
Attacker can also trivially replace hashes in rpmdb - it's sqlite file, after all.
And one last thing. Rpm hashes are only checked when you run rpm -V. IMA acts when file is accessed every time.
A possible step toward integrity measurement for Fedora
A possible step toward integrity measurement for Fedora
A possible step toward integrity measurement for Fedora
A possible step toward integrity measurement for Fedora
A possible step toward integrity measurement for Fedora
This of course begs the question why I would want to use IMA in the first place (assuming that my file system supports fsverity).
A possible step toward integrity measurement for Fedora
A possible step toward integrity measurement for Fedora
A possible step toward integrity measurement for Fedora
A possible step toward integrity measurement for Fedora
https://blog.verbum.org/2019/12/23/starting-from-open-and...
https://blog.verbum.org/2020/08/22/immutable-%E2%86%92-re...