Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Microsoft Security Linux

Microsoft Announces IPE, a New Code Integrity Feature for Linux (zdnet.com) 89

Microsoft has revealed details about a new project it has been working on for Linux kernel. From a report: Named Integrity Policy Enforcement -- or IPE -- the project is a Linux security module (LSM). LSMs are optional add-ons for the Linux kernel that enable additional security features. According to a documentation page published on Monday, IPE is Microsoft's attempt to solve the code integrity problem for Linux -- an operating system the company broadly uses in its Azure cloud service. On Linux systems where IPE is enabled, system administrators can create a list of binaries that are allowed to execute and then add the verification attributes the kernel needs to check for each binary before allowing it to run. If binaries have been altered by an attacker, IPE can block the execution of the malicious code.
This discussion has been archived. No new comments can be posted.

Microsoft Announces IPE, a New Code Integrity Feature for Linux

Comments Filter:
  • Comment removed based on user account deletion
  • That's really going to make Linus angry. I can't wait for the mailing list to go up in flames.

    • Knowing Linus, and I don't, I'd suspect his anger will be inversely proportional to code quality, just like he is with most other kernel-related code.

      Of course, there's a very high coefficient multiplied by that....

    • by freax ( 80371 )

      Linus is on the record for saying that hatred for Microsoft is a disease [arstechnica.com].

      The guy doesn't care about you or anybody's dislike for Microsoft. He cares about Linux, the kernel. And who contributes to it doesn't matter, as long as the goddamn code is good.

      Being against something or somebody is b.t.w. not the way to develop technology cooperatively.

    • That's really going to make Linus angry. I can't wait for the mailing list to go up in flames.

      Why would it? It's not part of the mainline kernel.

  • Don't be surprised if this is Microsoft embracing and extending linux.

    • Would it be likely that Microsoft may adopt Linux as their kernel and wrap a compatibility layer on top much like Apple did when transitioning from System 9 to OS X?
      • Re: (Score:3, Interesting)

        by guruevi ( 827432 )

        It's unlikely as they would have to throw a lot of work into compatibility. The Windows kernel is relatively fine, it needs some chopping in my opinion even if it's not backwards compatible.

        I think eventually they'll make the kernel POSIX compatible again and perhaps even Linux compatible, but I doubt they'll completely wreck the code. Perhaps in Windows Server you may see more of a reliance on native Linux kernels with a layer of the Windows frameworks in place for management or even co-operating kernels w

      • Would it be likely that Microsoft may adopt Linux as their kernel and wrap a compatibility layer on top much like Apple did when transitioning from System 9 to OS X?

        Apple did not adopt the Linux kernel in any way, shape, or form.

    • by thegarbz ( 1787294 ) on Tuesday April 07, 2020 @12:24PM (#59917810)

      Don't be surprised if this is Microsoft embracing and extending linux.

      And doing what exactly? No seriously explain your theory to the final conclusion. Every good conspiracy theory needs to be built on a solid conspiracy, so what's yours? Microsoft is embracing Linux that was evident through their cloud computing stuff. The extension here is specific only to things their customers are asking for. But no one here has ever used "embrace" and "extend" without implying there's some extinguish.

      So let's hear it. What are they extinguishing? Who is their competitor? What market conditions allow them to extinguish the competition? How do their extensions being openly published and easily implemented by others strengthen their ability to extinguish.

      Please, we all want to know because frankly my brain isn't big enough to come up with a conspiracy here, but that could be because I put all my effort into proving the CIA blew up the world trade centre.

      • by IWantMoreSpamPlease ( 571972 ) on Tuesday April 07, 2020 @01:31PM (#59918114) Homepage Journal

        MS has a long history of being underhanded SOBs, ask the founder of BeOS how well it worked out for him.
        Or Stacker Technologies
        Or OS/2
        Or any dozen, perhaps hundreds of companies that tried to play nice with MS, and got knifed in the back because of it.

        Just because you cannot come up with an end plan, does not mean one isn't in place and actively being worked toward.

        • by stikves ( 127823 )

          OS/2 failure was on IBM.

          https://en.wikipedia.org/wiki/... [wikipedia.org]

          The two companies had significant differences in culture and vision. Microsoft favored the open hardware system approach that contributed to its success on the PC; IBM sought to use OS/2 to drive sales of its own hardware, including systems that could not support the features Microsoft wanted. Microsoft programmers also became frustrated with IBM's bureaucracy and its use of lines of code to measure programmer productivity.[22] IBM developers complai

          • Except that it was OS/2 that was actually running OS/2, Windows and DOS better. Microsoft spent the next 15 years flooding the world with its DOS-based, co-operatively multitasking, DLL-hell suffering Windows 95/98/ME product line until home PC hardware was deemed capable enough of running NT-based Windows 2000 and finally XP (ironic considering that snarky Microsoft comment about IBM's bloated code). But as VHS vs Betamax taught us, being technically better isn't enough.

        • MS has a long history of being underhanded SOBs

          That's not an answer to the question. There's no doubt that MS is an underhanded SOB. The question was given the process of EEE requires: a) a target to extinguish, b) the market power to overwhelm a competitor, c) ... an actual competitor to exist, and d) not to give away the second E as open source to your competitors, what is the end goal here.

          So you and the GP both seem to think there's an end goal here. Share it. Tell us how open sourcing the "extend" component actually helps MS achieve it rather than

      • by jmccue ( 834797 ) on Tuesday April 07, 2020 @01:40PM (#59918156) Homepage

        And doing what exactly? No seriously explain your theory to the final conclusion. Every good conspiracy theory needs to be built on a solid conspiracy, so what's yours?

        To me it is more of M/S getting control of development and eventually getting or allowing changes that make azure work better than others that could be detrimental to the kernel over all

        I think a lot of changes went into the kernel over the years that has no business being there, the only reason it was added was to make things faster. I wish the kernel will get back into the business of working directly with the hardware, adding useful things, like a very stable btrfs or something like zfs, or making nouveau really work with newer Nvidia Chips.

        • that could be detrimental to the kernel over all

          These aren't changes to the mainline kernel. They are optional modules compiled separately just like SELinux. It's interesting you mention ZFS since this is precisely the same way Ubuntu enabled ZFS support in the Linux kernel.

      • by rastos1 ( 601318 ) on Tuesday April 07, 2020 @02:12PM (#59918286)

        So let's hear it. What are they extinguishing? Who is their competitor? What market conditions allow them to extinguish the competition? How do their extensions being openly published and easily implemented by others strengthen their ability to extinguish.

        What if they become the next RedHat? The next systemd? The next Android? They throw the money on the pile until they gain significant market share, their features become too widespread to ignore and then they make whatever they want.

        You asked.

      • by medusa-v2 ( 3669719 ) on Tuesday April 07, 2020 @02:46PM (#59918420)

        Don't be surprised if this is Microsoft embracing and extending linux.

        And doing what exactly? No seriously explain your theory to the final conclusion. Every good conspiracy theory needs to be built on a solid conspiracy, so what's yours? Microsoft is embracing Linux that was evident through their cloud computing stuff. The extension here is specific only to things their customers are asking for. But no one here has ever used "embrace" and "extend" without implying there's some extinguish.

        So let's hear it. What are they extinguishing? Who is their competitor? What market conditions allow them to extinguish the competition? How do their extensions being openly published and easily implemented by others strengthen their ability to extinguish.

        Please, we all want to know because frankly my brain isn't big enough to come up with a conspiracy here, but that could be because I put all my effort into proving the CIA blew up the world trade centre.

        Seems like you've answered the question yourself.

        Ownership.

        MS is just one of the actors in the arena, but fundamentally the split that's been continuous not just through the Internet but through the entire Copyright era has been between people who believe that we should be building resources that belong to everyone and those that think the majority of the world should be renters for life.

        Rent a spot on the cloud (developed on tools your community invented), but hosting your own is a TOS violation. Pay for an ISP, but try and build a municipal mesh network and your socialist hippy buddies will see new city and state ordinances against it. Pay to stream movies you previously purchased, but torrenting is theft. Rent digital books cheap, but DRM-free access is punishable by bankruptcy level fines and possible jail time.

        Sure, a tiny fraction of hard-core hacker types can root their phones, but nothing that would fundamentally upend a system that produces a few owners and a world full of renters is tolerated for long.

        Some of us weirdos hate that.

        • The kernel isn't done till Lotus won't run. Some of us have longer memories of MS than others.
        • You're 100% right but that wasn't the question.

          The GP postulated that this is EEE. The last E being extinguishing. Ownership of the rented system doesn't extinguish anything. The existence of such an extension (nothing more than an additional control given to a system administrator) does not prevent another cloud supplier from existing, or doesn't prevent you anyone from going to Ubuntu or RedHat and spinning up some of their own cloud instances.

          Absolutely MS is ensuring that ownership of their infrastructu

      • by DeVilla ( 4563 )

        My thought is that MS would continue to attack through the Linux Foundation. But just to put together a simple conspiracy theory with this module...

        The module is optional, but eventually using it becomes a requirement to get an image signed with the MS key for UEFI. The requirements keep getting more strict from there, perhaps requiring an MS built/signed version of the LSM be installed and active.

        • The module is optional, but eventually using it becomes a requirement to get an image signed with the MS key for UEFI.

          Now that's the kind of conspiracy I can get behind :-)

      • Take a look at and study the well known term "Co Optation" in a market context. If you can't buy, bully or steal the competition, you can influence it and slowly take it over. Microsoft can join committees, associations and boards and in that way inluence community driven open source projects. Don't think for a minute that Microsoft does this out of their good heart and idealism. It's all about market share and profits. I wish we could keep Microsoft away.
    • by shoor ( 33382 )

      Latin eh? My sig used to be something like:
      Praeterea, censeo Micromolle non esse utendum. (Molle is the Latin word for soft. It's a paraphrase of a famous Latin expression, "Furthermore, I maintain that Carthage should be destroyed." I changed 'destroyed' to 'not to be used' because I don't like extremes.)

      So I have some anti-Microsoft creds. Still, it is just possible that Microsoft is doing this just so they can make their cloud more secure. I do agree that even if their intentions now may not be so

  • And how could adding Microsoft-written code to the kernel aid us in solving this problem?
    • DRM
    • And how could adding Microsoft-written code to the kernel aid us in solving this problem?

      You could RTFS and it would answer both your questions. But you're too busy frothing at the mouth because Microsoft wrote some code right?

      • by gtall ( 79522 )

        Until enough companies using Linux start to depend on the MS code. Then they will have leverage and there the slippery slope to MS-Hell begins.

      • Mmmm, yes, basically. Yes, I did RTFS. I have to live with Microsoft code every day at work. It's pretty stable, and yet for reasons apparently chosen by marketing departments, I'm constantly having to second-guess what Windows 10 will do next. Then I come home to peace and calm. I like peace and calm, and I don't want Microsoft stomping around in my playground. They have grand ambitions to maintain a permanent hold on their market share, and they will totally sweep Linux along in their floodwaters to get
    • by HiThere ( 15173 )

      I'm not certain, but I think that this is "code signing" extended to runtime (well, code initiation). There are problems that this could solve, at "small" additional cost. Perhaps there's enough spare CPU cycles these days to make that reasonable...or reasonable in some contexts.

      However, being as the code comes from MS, I wouldn't trust it. Even if the current version is good, I wouldn't trust it. (And just not being able to spot the problematic code doesn't mean it isn't in there.)

      OTOH, it's probably n

      • by micheas ( 231635 )

        This seems more like it would be useful when creating AMIs with packer on every commit to master.

        If you are creating a new machine image with kernel modules that get loaded, then specifying that only the binaries you specified at build time can run would be able to tightly lock down a machine. I can't think of any other place where it is practical though. Maybe this is an attempt to slow the growth of Kubernetes. as building a new Kubernetes cluster for each commit sort of defeats the purpose of Kubernetes.

  • I hope this doesn't make it hard to run binaries in userspace. Surely if you are running something without sudo privileges, you aren't going to do much harm? If I can't run my own binaries on a remote server, this would suck balls.
    • This is exactly what this is for, and it's an admin tool nothing more. If you're the admin on your system do with it what you please. There are situations where you want to give other people access to a machine but only let them execute a white listed set of binaries.

      • It's worrying. Admins may install this, without thinking about the consequences to productivity. I don't think it's the right approach to security. Stop userspace applications accessing sensitive parts of the system, sure, but stopping them from even running at all? Something like this would be fine on, say, a cash machine, or a machine that needs very high security, but on a system used by lots of users, it could just end up being hassle, and the limitations to productivity could outweight the security ga
    • Uhm, the entire point of this is to stop the use of binaries that haven't been approved by the kernel provider. This isn't meant for general purpose use, it's for systems that are meant to be immutable.
      • This will end up rolling out for general use and I'll tell you why. I've been in a lot of companies and the standard for IT is one size fits all. However this isn't appropriate for all workloads. I very often see in companies people using Mac and IT. Why? Because they're unmanaged. Either they don't give comparable tools to those for windows all in the same place or it's too hard to set that up.

        For a number of departments they likely don't need that many programs. Perhaps office and email. For more techn
        • I've failed to also mention immutable systems (usually partially at least) are common practice managing a LAN of computers.
    • Its an opt in feature, Linux is an open source kernel. LSM is a modular add on, even more so, so you could unload the whole thing. So nothing to worry about.

  • https://microsoft.github.io/ip... [github.io]

    Also, I'd go to the "known gaps" at the bottom... which renders this "code" integrity (whatever that trashy name really means as these lines DO NOT check for code integrity) as useless for now.

    and here:
    https://microsoft.github.io/ip... [github.io]

    is where this crap thingy will fail miserably...

    • Thank you for posting those two critical links. Evidently it cannot work with interpreted code likely for technical reasons. But there is at least a "gaps" section so there's that. So this could indicate to me that they are moving from the "embrace" into the "extend" phase.

  • My 1996/1997 self would be completely apoplectic over this. I'm talking full-blown spittle flying rage.

    My 2020 self is tired. The rage is gone. I think I'm moving on to acceptance.

    • They keep at it.
      They wear weak people down.
      They're in for the long con.

      But sorry, what exactly do you have to do here, to not let MS in?

      Just repeat the same facts about past experience with MS showing that they are evil bastards and trusting them will ALWAYS get you fucked, whether dumb enough to not notice or not. Get the template out, which you will definitely have.

      And keep installing the same uninfected Linux.

      And never be friends with "people" who side with them or let them do their thing.

      I personally ta

  • Yeah, you're gonna be able to see the source code of certain binaries, you will be able to compile them EXACTLY as the great Mpire thought you should but that'll be about it! Good luck in signing your OWN version of the binary and run it on Azure. That's why he invented v3 of the GPL... what was that about history and repetition?

  • What “code integrity problem for Linux” would that be? How the fcuk than they secure Linux when they can't even plug that leaky tub known as Microsoft windows.

    > IPE is Microsoft's attempt to solve the code integrity problem for Linux -- an operating system the company broadly uses in its Azure cloud service.

    Not only Azure cloud service, Linux is also usefull on the desktop [youtube.com].

    > On Linux systems where IPE is enabled, system administrators can create a list of binaries that are allowed
  • "Microsoft Announces IPE, a New Code Integrity Feature for Linux" Microsoft ,Just trying to help! Right?????

    "Code Integrity", Microsoft, in the same sentence! Just to funny!

    Just my 2 cents ;)
  • This solves a bunch of cases, and essentially becomes the equivalent of signed code.

    The next question is: how do you protect the manifest from tampering?

  • Can this co-exist with apparmor?

  • If binaries have been altered by an attacker, IPE can block the execution of the malicious code.

    I agree with Microsoft on this one. Just because some code is bad doesn't mean you should execute it. Let's just put it in prison or something.

  • 1. Embrace.
    2. Extend.
    3. Extinguish.
    The last time they pulled this shit big time *and* got caught *and* the press reported it, lies only a few years back.
    Corporate culture takes at least half a century to a century, to change.
    That's what the sentence for a boycot should be, until MS can re-apply for a trustworthiness test.

  • by AnotherBlackHat ( 265897 ) on Tuesday April 07, 2020 @02:08PM (#59918272) Homepage

    Ignoring for a moment the idea that having someone else determine what code is allowed to run on my computer is somehow a good thing, how is this any different from only allowing privileged (i.e. root) accounts to set the execute bit?

    Does it prevent someone from compiling a new program and running it?
    Are scripting languages prevented? (no Perl, PHP, or shell?)
    What about stealth scripting languages like Microsoft excel?

    • Ignoring for a moment the idea that having someone else determine what code is allowed to run on my computer is somehow a good thing

      It is a very good thing. The vast majority of computers being used in the world, and nearly all the computers being used for something important are loan computers given to someone to perform a specific task while sitting on a business critical network. You may have heard of this term "corporate IT". There are whole jobs called "system administrators" whose whole jobs revolve around ensuring you can use that computer only in the way that is suitable.

      how is this any different from only allowing privileged (i.e. root) accounts to set the execute bit?

      A certain Slashdot article has a certain link in it which

      • It is a very good thing. The vast majority of computers being used in the world, and nearly all the computers being used for something important are loan computers given to someone to perform a specific task while sitting on a business critical network.

        And yet, in the fine article, they specifically mention this as something for "immutable and embedded systems" which are not generally loan computers used by other people.

        A certain Slashdot article has a certain link in it which explains all of your questions.

        Well, it's certainly not the fine article in this post, since I read it and no where does it mention the way scripting languages are handled, or why having a separate file with other filenames in it is somehow better than the directory file having that information. Is it more compartmental? easier to audit the code? Were they unable to

  • Is MS _again_ ignoring what already exists and works?

    • by ebvwfbw ( 864834 )

      Don't even need tripwire. Just use selinux. In fact I bet their stuff uses selinux under the hood.

      Solution in search of a problem.

Trap full -- please empty.

Working...