On Tue, 2015-10-20 at 18:33 +0300, Petko Manolov wrote:
> On 15-10-20 11:21:43, Mimi Zohar wrote:
> > On Tue, 2015-10-20 at 17:43 +0300, Petko Manolov wrote:
> > > Thinking about the blacklist keyring some more...
> >
> > My concern is more that keys can be added and removed at run time from
> > either of the .ima or the ima_mok keyrings. The need for a blacklist
> > keyring is to prevent the key from being removed and at a later point
> > re-added. Unfortunately, keys can be added and removed similarly from the
> > blacklist keyring as well. Unless keys can be added, without the ability
> > of removing them, I'm not sure of the benefit of a blacklist keyring. I
> > assume adding and removing keys requires the same write privilege.
> > (cc'ing David Howells)
>
> As far as I know there is no concept of write-once to a keyring in the
> kernel. David will correct me if I am wrong. I wonder how hard it would be
> to add such functionality, in case it is missing?
>
> Ideally a revoked key should stay in .blacklist until it expires or the
> system is rebooted.

Keys currently revoked return -EKEYREVOKED for a certain amount of time,
before being garbage collected. Perhaps for trusted keys we could piggyback
on this option, returning -EKEYREVOKED, but prevent them from being garbage
collected?

Mimi

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module"
in the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html