[LTP] [RFC PATCH 3/3] ima: additional ToMToU violation tests
Mimi Zohar
zohar@linux.ibm.com
Thu Feb 20 22:15:51 CET 2025
Hi Petr,

On Thu, 2025-02-20 at 19:46 +0100, Petr Vorel wrote:
> Is this considered a security feature? If yes, then failures on vanilla
> kernel are ok, we just need to later add kernel hashes to let testers know about
> missing backports. If it's a feature (not to be backported) we should test the new
> feature only on newer kernels.

I posted these LTP patches as RFC since the kernel patches themselves haven't been
upstreamed. I'm still waiting for some kernel patch reviews. Posting these LTP patches
might help with that.

Having multiple open-writers or ToMToU violations doesn't provide any benefit in terms of
attestation. It just clutters the audit log and the IMA measurement list. Not extending
the TPM would be a performance improvement. I'm not sure it would be classified as a
security feature or bug fix.

Mimi