On Fri, Mar 15, 2013 at 4:35 PM, Vivek Goyal <[email protected]> wrote: > Do elf executable signature verification (if one is present). If signature > is present, it should be valid. Validly signed files are given a capability > CAP_SIGNED. > > If file is unsigned, it can execute but it does not get the capability > CAP_SIGNED. > > This is work in progress. This patch is just an RFC to show how one > can go about making use of IMA APIs for executable signature > verification. > > Signed-off-by: Vivek Goyal <[email protected]> > --- > fs/Kconfig.binfmt | 12 ++++++++++++ > fs/binfmt_elf.c | 44 ++++++++++++++++++++++++++++++++++++++++++++ > 2 files changed, 56 insertions(+), 0 deletions(-) > > diff --git a/fs/Kconfig.binfmt b/fs/Kconfig.binfmt > index 0efd152..cbb1d4a 100644 > --- a/fs/Kconfig.binfmt > +++ b/fs/Kconfig.binfmt > @@ -23,6 +23,18 @@ config BINFMT_ELF > ld.so (check the file <file:Documentation/Changes> for location and > latest version). > > +config BINFMT_ELF_SIG > + bool "ELF binary signature verification" > + depends on BINFMT_ELF > + select INTEGRITY > + select INTEGRITY_SIGNATURE > + select INTEGRITY_ASYMMETRIC_KEYS > + select IMA > + select IMA_APPRAISE > + default n > + ---help--- > + Check ELF binary signature verfication. > +
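Review bot: the `---help---` text for BINFMT_ELF_SIG in fs/Kconfig.binfmt misspells "verfication" and does not say what enabling the option changes. The behaviour given in the commit message belongs there: a signature, if present, must be valid; validly signed files get CAP_SIGNED; unsigned files still execute without it. `default n` can be dropped, since a bool with no default is already n. The five `select` lines also force on INTEGRITY, IMA and IMA_APPRAISE without honouring those symbols' own dependencies, so `depends on` is the safer form here.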
I haven't reviewed the whole patch set, but this caught my eye. There are a couple things wrong with it.

1) The help text isn't helpful. It could definitely be more verbose and should probably point to something in Documentation/ that describes what this whole thing is.

2) The select mechanism is horrible. I would really like to see this option use "depends on" instead of select given that you're selecting in a whole subsystem that people probably aren't going to have already enabled.

josh

