Can you clarify this a bit for those of us who are not well-versed in exactly what "measurement" does?
On Mon, Sep 1, 2025 at 2:42 AM Roberto Sassu <[email protected]> wrote: > > Now, in cases where you have IMA or something and you only permit signed > > binaries to execute, you could argue there is a different race here (an > > attacker creates a malicious script, runs it, and then replaces it with > > a valid script's contents and metadata after the fact to get > > AT_EXECVE_CHECK to permit the execution). However, I'm not sure that > > Uhm, let's consider measurement, I'm more familiar with. > > I think the race you wanted to express was that the attacker replaces > the good script, verified with AT_EXECVE_CHECK, with the bad script > after the IMA verification but before the interpreter reads it. > > Fortunately, IMA is able to cope with this situation, since this race > can happen for any file open, where of course a file can be not read- > locked. I assume you mean that this has nothing specifically to do with scripts, as IMA tries to protect ordinary (non-"execute" file access) as well. Am I right? > > If the attacker tries to concurrently open the script for write in this > race window, IMA will report this event (called violation) in the > measurement list, and during remote attestation it will be clear that > the interpreter did not read what was measured. > > We just need to run the violation check for the BPRM_CHECK hook too > (then, probably for us the O_DENY_WRITE flag or alternative solution > would not be needed, for measurement). This seems consistent with my interpretation above, but ... > > Please, let us know when you apply patches like 2a010c412853 ("fs: > don't block i_writecount during exec"). We had a discussion [1], but > probably I missed when it was decided to be applied (I saw now it was > in the same thread, but didn't get that at the time). We would have > needed to update our code accordingly. In the future, we will try to > clarify better our expectations from the VFS. ... I didn't follow this. Suppose there's some valid contents of /bin/sleep. I execute /bin/sleep 1m. While it's running, I modify /bin/sleep (by opening it for write, not by replacing it), and the kernel in question doesn't do ETXTBSY. Then the sleep process reads (and executes) the modified contents. Wouldn't a subsequent attestation fail? Why is ETXTBSY needed?
