On Tue, Mar 05, 2013 at 08:30:53AM -0500, Mimi Zohar wrote:
> On Mon, 2013-03-04 at 11:20 -0500, Vivek Goyal wrote:
> > On Mon, Mar 04, 2013 at 08:48:36AM -0500, Mimi Zohar wrote:
> > > On Thu, 2013-02-14 at 14:55 -0500, Vivek Goyal wrote:
> > > > Digital signature verification happens using integr
On Tue, 2013-03-05 at 08:30 -0500, Mimi Zohar wrote:
> Digital signature verification happens using integrity_digsig_verify().
> If a digital signature is present in security.ima, then any error, which
> happens during signature verification, should lead to status
> INTEGRITY_FAIL. In the future
On Mon, 2013-03-04 at 11:20 -0500, Vivek Goyal wrote:
> On Mon, Mar 04, 2013 at 08:48:36AM -0500, Mimi Zohar wrote:
> > On Thu, 2013-02-14 at 14:55 -0500, Vivek Goyal wrote:
> > > Digital signature verification happens using integrity_digsig_verify().
> > > Curently we set integrity to FAIL for all
On Mon, Mar 04, 2013 at 08:48:36AM -0500, Mimi Zohar wrote:
> On Thu, 2013-02-14 at 14:55 -0500, Vivek Goyal wrote:
> > Digital signature verification happens using integrity_digsig_verify().
> > Curently we set integrity to FAIL for all error codes except -EOPNOTSUPP.
> > This sounds out of line.
On Thu, 2013-02-14 at 14:55 -0500, Vivek Goyal wrote:
> Digital signature verification happens using integrity_digsig_verify().
> Curently we set integrity to FAIL for all error codes except -EOPNOTSUPP.
> This sounds out of line.
>
> - If appropriate kernel code is not compiled in to verify signa
Digital signature verification happens using integrity_digsig_verify().
Curently we set integrity to FAIL for all error codes except -EOPNOTSUPP.
This sounds out of line.
- If appropriate kernel code is not compiled in to verify signature of
a file, then prractically it is a failed signature.
-
6 matches
Mail list logo