Microsoft Announces IPE, a New Code Integrity Feature for Linux (zdnet.com)
Microsoft has revealed details about a new project it has been working on for the Linux kernel. From a report: Named Integrity Policy Enforcement -- or IPE -- the project is a Linux security module (LSM). LSMs are optional add-ons for the Linux kernel that enable additional security features. According to a documentation page published on Monday, IPE is Microsoft's attempt to solve the code integrity problem for Linux -- an operating system the company uses broadly in its Azure cloud service. On Linux systems where IPE is enabled, system administrators can create a list of binaries that are allowed to execute and then add the verification attributes the kernel needs to check for each binary before allowing it to run. If binaries have been altered by an attacker, IPE can block the execution of the malicious code.
It's a trick. Get an axe. (Score:4, Insightful)
Even if this module does not spy on you and phone home with that data, a future version of it will. Once it has been widely adopted and many people are dependent upon it, that is when a tiny bit of telemetry will be added, and the spying will just grow from there over time.
Re:It's a trick. Get an axe. (Score:4, Insightful)
I keep hearing the many eyes argument thrown around here. Why does it not apply now?
Re:It's a trick. Get an axe. (Score:4, Informative)
Anyway, chkrootkit, rkhunter, and sha256sum already check if the executable, libs and more have been tempered with so this isn't anything new.
I suppose that doing it at run time would prevent freshly installed code from executing, while the other methods detect the tampering with a delay; hopefully this won't make Linux as slow as Windows.
I don't think I would use it, although it is better performance-wise to run an ionice -c 3 nice -n 19 sha256sum on your files in a cron job and report tampering, and it does the job as well to some extent.
Re: (Score:2)
Anyway, chkrootkit, rkhunter, and sha256sum already check if the executable, libs and more have been tempered with so this isn't anything new.
Tempered?
Tampered
Trimpered
Covfefe
Covfafa
Covfifi
The poet can survive anything but a misprint.
~Oscar Wilde
Fair, But Incompetent
Collusion In Absence
No Such Agency
Re: (Score:1)
Example 1: The NSA giving OpenSSL a backdoor, and nobody noticing, for years.
Example 2: http://www.underhanded-c.org/ [underhanded-c.org]
Example 3: Wikipedia is not "anyone can edit" anymore.
There, fixed it. Three examples where a good approach failed don’t show that it always fails or that it can’t be improved
Re:It's a trick. Get an axe. (Score:5, Insightful)
Well how else will they know what malicious entities are out in the wild if they don't phone home about everything being executed?
Think of the children!
Re: (Score:2)
Think of the children!
With large corporations, like MS, it's "Think of the stockholders"... THAT is ALL they care about...
Re: (Score:2, Insightful)
So you think kernel maintainers who'd have to approve the commit that adds such telemetry to the kernel would not reject such code?
You're insane.
Hatred for Microsoft is a disease [arstechnica.com], one of the more famous kernel developers once said. When there are solid reasons for the code, and as long as we don't have to worry about licensing etc issues, it belongs in the kernel.
Re: (Score:3)
This is a Linux kernel module; this doesn't pass through the core kernel developers. This is pretty much released on GitHub, if they provide source code (which the summary doesn't mention), or on Microsoft.com as a binary.
As far as whether it belongs in the kernel, I myself am a minimalist when it comes to kernel options. It should be highly modular but the core should be small.
Re: (Score:2)
You don't have to add this kernel module to the list of modules that initrd will load. So what then is the problem?
There are also kernel modules that are actually also called rootkits or trojan horses.
Do you compile and insmod them too just because their source code can be found on GitHub?
Re: (Score:1)
His point is just that it's a slippery slope; if it becomes popular with businesses and enough of them start to use it, he foresees a day of being forced by a clueless and/or evil employer to support it under duress.
And frankly I'd share his concerns in the same position. I just don't right now because I decided I'd actually rather die than take a job like that again. Not everyone can be so cavalier with the future of their career. Some of them actually still have one worth fighting for.
Re:It's a trick. Get an axe. (Score:5, Interesting)
Well, Hatred for Microsoft is a disease that MANY of us are PROUD to be "afflicted" with.. I spent 20 years as a sysadmin dealing with the insanity that IS Microsoft, and when I retired in 2010, I realized I didn't have to deal with their bullshit anymore.. Although, since I'm retired, I get pestered for "tech support".. My policy is thus: If you're asking me for tech support AND you're one of the group of friends/neighbors/relatives I've convinced to embrace Linux over Windows, I'll gladly help you... If you're still sucking on MS's teat, with the bloody abortion that IS Windows 10, I'll gladly direct you to GeekSquad, and feel sympathy for you.. I don't NEED to deal with the insanity that IS Microsoft products today...
Re: (Score:1)
Some people just don't listen....
I was asked by a sales lady what laptop to replace her broken Chromebook with. I asked if she had had any issues with the Chromebook for the last 3 years; she said no, so I told her to go buy whatever-priced Chromebook she wanted at the local computer store. She came back with a Windows computer that was on sale and said she needed help. I mentioned that if she had acquired a Chromebook there would be no setup, just log in and all your stuff is still where it was.
Since s
Re: It's a trick. Get an axe. (Score:2)
Re: (Score:1)
Re: (Score:2)
Re: (Score:3)
i would rather keep microsoft's code out of Linux
YOU AND ME, BROTHER... NOTHING good can come of kernel modules being written by Microsoft. With their track record on Windows 10 of their euphemism "telemetry", I wouldn't trust them as far as I can throw them....
Re: (Score:3)
Even if this module does not spy on you and phone home with that data, a future version of it will. Once it has been widely adopted and many people are dependent upon it, that is when a tiny bit of telemetry will be added, and the spying will just grow from there over time.
I guess you missed the whole section of TFA titled "Not Intended for the General Linux Userbase."
Re: (Score:1)
And, that (telemetry code) will be a prime target/vector for malware!
Just another bullseye for hackers to focus on!
Re: (Score:2)
Re: (Score:2)
Naughty (Score:2)
That's really going to make Linus angry. I can't wait for the mailing list to go up in flames.
Re: (Score:2)
Knowing Linus, and I don't, I'd suspect his anger will be inversely proportional to code quality, just like he is with most other kernel-related code.
Of course, there's a very high coefficient multiplied by that....
Re: (Score:2)
Linus is on the record for saying that hatred for Microsoft is a disease [arstechnica.com].
The guy doesn't care about you or anybody's dislike for Microsoft. He cares about Linux, the kernel. And who contributes to it doesn't matter, as long as the goddamn code is good.
Being against something or somebody is b.t.w. not the way to develop technology cooperatively.
Re: (Score:2)
That's really going to make Linus angry. I can't wait for the mailing list to go up in flames.
Why would it? It's not part of the mainline kernel.
Timeo Danaos et dona ferentes (Score:1)
Don't be surprised if this is Microsoft embracing and extending linux.
Re: (Score:3)
Re: (Score:3, Interesting)
It's unlikely as they would have to throw a lot of work into compatibility. The Windows kernel is relatively fine, it needs some chopping in my opinion even if it's not backwards compatible.
I think eventually they'll make the kernel POSIX compatible again and perhaps even Linux compatible, but I doubt they'll completely wreck the code. Perhaps in Windows Server you may see more of a reliance on native Linux kernels with a layer of the Windows frameworks in place for management or even co-operating kernels w
Re: (Score:2)
At Azure, the host operating system is Windows.
Re: (Score:1)
Would it be likely that Microsoft may adopt Linux as their kernel and wrap a compatibility layer on top much like Apple did when transitioning from System 9 to OS X?
Apple did not adopt the Linux kernel in any way, shape, or form.
Re:Timeo Danaos et dona ferentes (Score:5, Insightful)
Don't be surprised if this is Microsoft embracing and extending linux.
And doing what exactly? No seriously explain your theory to the final conclusion. Every good conspiracy theory needs to be built on a solid conspiracy, so what's yours? Microsoft is embracing Linux that was evident through their cloud computing stuff. The extension here is specific only to things their customers are asking for. But no one here has ever used "embrace" and "extend" without implying there's some extinguish.
So let's hear it. What are they extinguishing? Who is their competitor? What market conditions allow them to extinguish the competition? How do their extensions being openly published and easily implemented by others strengthen their ability to extinguish.
Please, we all want to know because frankly my brain isn't big enough to come up with a conspiracy here, but that could be because I put all my effort into proving the CIA blew up the world trade centre.
Re:Timeo Danaos et dona ferentes (Score:4, Informative)
MS has a long history of being underhanded SOBs, ask the founder of BeOS how well it worked out for him.
Or Stacker Technologies
Or OS/2
Or any dozen, perhaps hundreds of companies that tried to play nice with MS, and got knifed in the back because of it.
Just because you cannot come up with an end plan, does not mean one isn't in place and actively being worked toward.
Re: (Score:2)
OS/2 failure was on IBM.
https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:2)
Except that it was OS/2 that was actually running OS/2, Windows and DOS better. Microsoft spent the next 15 years flooding the world with its DOS-based, co-operatively multitasking, DLL-hell suffering Windows 95/98/ME product line until home PC hardware was deemed capable enough of running NT-based Windows 2000 and finally XP (ironic considering that snarky Microsoft comment about IBM's bloated code). But as VHS vs Betamax taught us, being technically better isn't enough.
Re: (Score:2)
MS has a long history of being underhanded SOBs
That's not an answer to the question. There's no doubt that MS is an underhanded SOB. The question was given the process of EEE requires: a) a target to extinguish, b) the market power to overwhelm a competitor, c) ... an actual competitor to exist, and d) not to give away the second E as open source to your competitors, what is the end goal here.
So you and the GP both seem to think there's an end goal here. Share it. Tell us how open sourcing the "extend" component actually helps MS achieve it rather than
Re:Timeo Danaos et dona ferentes (Score:4, Informative)
And doing what exactly? No seriously explain your theory to the final conclusion. Every good conspiracy theory needs to be built on a solid conspiracy, so what's yours?
To me it is more of MS getting control of development and eventually getting or allowing changes that make Azure work better than others, which could be detrimental to the kernel overall.
I think a lot of changes went into the kernel over the years that have no business being there; the only reason they were added was to make things faster. I wish the kernel would get back into the business of working directly with the hardware, adding useful things like a very stable btrfs or something like zfs, or making nouveau really work with newer Nvidia chips.
Re: (Score:2)
that could be detrimental to the kernel over all
These aren't changes to the mainline kernel. They are optional modules compiled separately just like SELinux. It's interesting you mention ZFS since this is precisely the same way Ubuntu enabled ZFS support in the Linux kernel.
Re:Timeo Danaos et dona ferentes (Score:5, Informative)
What if they become the next RedHat? The next systemd? The next Android? They throw the money on the pile until they gain significant market share, their features become too widespread to ignore and then they make whatever they want.
You asked.
Re:Timeo Danaos et dona ferentes (Score:5, Insightful)
Don't be surprised if this is Microsoft embracing and extending linux.
And doing what exactly? No seriously explain your theory to the final conclusion. Every good conspiracy theory needs to be built on a solid conspiracy, so what's yours? Microsoft is embracing Linux that was evident through their cloud computing stuff. The extension here is specific only to things their customers are asking for. But no one here has ever used "embrace" and "extend" without implying there's some extinguish.
So let's hear it. What are they extinguishing? Who is their competitor? What market conditions allow them to extinguish the competition? How do their extensions being openly published and easily implemented by others strengthen their ability to extinguish.
Please, we all want to know because frankly my brain isn't big enough to come up with a conspiracy here, but that could be because I put all my effort into proving the CIA blew up the world trade centre.
Seems like you've answered the question yourself.
Ownership.
MS is just one of the actors in the arena, but fundamentally the split that's been continuous not just through the Internet but through the entire Copyright era has been between people who believe that we should be building resources that belong to everyone and those that think the majority of the world should be renters for life.
Rent a spot on the cloud (developed on tools your community invented), but hosting your own is a TOS violation. Pay for an ISP, but try and build a municipal mesh network and your socialist hippy buddies will see new city and state ordinances against it. Pay to stream movies you previously purchased, but torrenting is theft. Rent digital books cheap, but DRM-free access is punishable by bankruptcy level fines and possible jail time.
Sure, a tiny fraction of hard-core hacker types can root their phones, but nothing that would fundamentally upend a system that produces a few owners and a world full of renters is tolerated for long.
Some of us weirdos hate that.
Re: (Score:2)
Re: (Score:2)
You're 100% right but that wasn't the question.
The GP postulated that this is EEE, the last E being extinguishing. Ownership of the rented system doesn't extinguish anything. The existence of such an extension (nothing more than an additional control given to a system administrator) does not prevent another cloud supplier from existing, nor does it prevent anyone from going to Ubuntu or RedHat and spinning up some of their own cloud instances.
Absolutely MS is ensuring that ownership of their infrastructu
Re: (Score:2)
My thought is that MS would continue to attack through the Linux Foundation. But just to put together a simple conspiracy theory with this module...
The module is optional, but eventually using it becomes a requirement to get an image signed with the MS key for UEFI. The requirements keep getting more strict from there, perhaps requiring an MS built/signed version of the LSM be installed and active.
Re: (Score:2)
The module is optional, but eventually using it becomes a requirement to get an image signed with the MS key for UEFI.
Now that's the kind of conspiracy I can get behind :-)
Re: (Score:1)
Re: (Score:1)
Latin eh? My sig used to be something like:
Praeterea, censeo Micromolle non esse utendum. (Molle is the Latin word for soft. It's a paraphrase of a famous Latin expression, "Furthermore, I maintain that Carthage should be destroyed." I changed 'destroyed' to 'not to be used' because I don't like extremes.)
So I have some anti-Microsoft creds. Still, it is just possible that Microsoft is doing this just so they can make their cloud more secure. I do agree that even if their intentions now may not be so
What "code integrity problem"? (Score:1, Insightful)
Re: (Score:1)
Re: (Score:2)
DRM
Indeed. Only thing that really makes sense.
Re: (Score:2)
And how could adding Microsoft-written code to the kernel aid us in solving this problem?
You could RTFS and it would answer both your questions. But you're too busy frothing at the mouth because Microsoft wrote some code right?
Re: (Score:2)
Until enough companies using Linux start to depend on the MS code. Then they will have leverage and there the slippery slope to MS-Hell begins.
Re: (Score:1)
Re: (Score:2)
I'm not certain, but I think that this is "code signing" extended to runtime (well, code initiation). There are problems that this could solve, at "small" additional cost. Perhaps there's enough spare CPU cycles these days to make that reasonable...or reasonable in some contexts.
However, being as the code comes from MS, I wouldn't trust it. Even if the current version is good, I wouldn't trust it. (And just not being able to spot the problematic code doesn't mean it isn't in there.)
OTOH, it's probably n
Re: (Score:2)
This seems more like it would be useful when creating AMIs with packer on every commit to master.
If you are creating a new machine image with kernel modules that get loaded, then specifying that only the binaries you specified at build time can run would be able to tightly lock down a machine. I can't think of any other place where it is practical though. Maybe this is an attempt to slow the growth of Kubernetes, as building a new Kubernetes cluster for each commit sort of defeats the purpose of Kubernetes.
Userspace binaries (Score:1)
Re: (Score:2)
This is exactly what this is for, and it's an admin tool, nothing more. If you're the admin on your system, do with it what you please. There are situations where you want to give other people access to a machine but only let them execute a whitelisted set of binaries.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
For a number of departments they likely don't need that many programs. Perhaps office and email. For more techn
Re: (Score:2)
Re: (Score:3)
It's an opt-in feature; Linux is an open source kernel. LSM is a modular add-on, even more so, so you could unload the whole thing. So nothing to worry about.
Trash OP, here is the link to that crappy thingy (Score:1)
https://microsoft.github.io/ip... [github.io]
Also, I'd go to the "known gaps" at the bottom... which renders this "code" integrity (whatever that trashy name really means as these lines DO NOT check for code integrity) as useless for now.
and here:
https://microsoft.github.io/ip... [github.io]
is where this crap thingy will fail miserably...
Re: (Score:1)
Thank you for posting those two critical links. Evidently it cannot work with interpreted code likely for technical reasons. But there is at least a "gaps" section so there's that. So this could indicate to me that they are moving from the "embrace" into the "extend" phase.
I want to send this to my past self. (Score:1)
My 1996/1997 self would be completely apoplectic over this. I'm talking full-blown spittle flying rage.
My 2020 self is tired. The rage is gone. I think I'm moving on to acceptance.
And that is why dumb assholes win, if they do. (Score:2)
They keep at it.
They wear weak people down.
They're in for the long con.
But sorry, what exactly do you have to do here, to not let MS in?
Just repeat the same facts about past experience with MS showing that they are evil bastards and trusting them will ALWAYS get you fucked, whether dumb enough to not notice or not. Get the template out, which you will definitely have.
And keep installing the same uninfected Linux.
And never be friends with "people" who side with them or let them do their thing.
I personally ta
Aw come on, it's TiVO all over again! (Score:1)
Yeah, you're gonna be able to see the source code of certain binaries, you will be able to compile them EXACTLY as the great Mpire thought you should but that'll be about it! Good luck in signing your OWN version of the binary and run it on Azure. That's why he invented v3 of the GPL... what was that about history and repetition?
That's the "extinguish" part: (Score:5, Interesting)
To make it impossible to even code for a non-MS "Linux" because your clients demand it be able to run on Azure too. Same thing that happened to web developers with IE.
MS will make sure your clients get the FUD that makes them demand it.
And yeah, given past experience, their plan likely is, that then Amazon and Google and such will need to adopt compatibility to "MS-Linux" too, until non-MS Linux has become irrelevant.
If you think that can't happen, read up on MS's history.
The only difference now, is that they aren't the dominant player anymore. (Not that they see it that way...)
But I would not count them out. Especially in the market areas where they still are.
Re: (Score:2)
There's nothing that MSFT is doing here that is a prerequisite for running in Azure.
Azure is as guest OS agnostic as they come.
You do know that Microsoft Azure hosts run Hyper-V on Windows Server, right? Not Linux.
Re: (Score:2)
To make it impossible to even code for a non-MS "Linux" because your clients demand it be able to run on Azure too.
Yep, and to achieve this they open source their secret code that makes all this unique for them. ... Your ignorance truly knows no limits. But hey at least you got some other anti-MS idiots with mod points to mod you up.
Another ignorant post brought to you by BAReFO0t.
Microsoft solves the Linux code integrity problem? (Score:2)
> IPE is Microsoft's attempt to solve the code integrity problem for Linux -- an operating system the company broadly uses in its Azure cloud service.
Not only Azure cloud service, Linux is also useful on the desktop [youtube.com].
> On Linux systems where IPE is enabled, system administrators can create a list of binaries that are allowed
Really! Trying to help Not! (Score:2)
"Code Integrity", Microsoft, in the same sentence! Just too funny!
Just my 2 cents
Fair enough (Score:2)
This solves a bunch of cases, and essentially becomes the equivalent of signed code.
The next question is: how do you protect the manifest from tampering?
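As an added illustration (this is not IPE's own code and not its policy format) of the enforcement model described in the summary at the top of the thread and of the manifest-tampering question raised in this post: a default-deny allowlist keyed by SHA-256, where the manifest itself carries a MAC under a key only the enforcer holds, so an altered binary, an unlisted binary and an edited manifest are all refused at exec time rather than being noticed later by a periodic scan. The key, paths and binary contents are constructed sample data.

```python
"""Illustrative model (not IPE's code or policy format) of a default-deny
execution allowlist whose manifest is itself integrity-protected.

Two checks happen before a 'binary' is allowed to run:
  1. the manifest's HMAC must verify under a key the enforcer holds
     (models a kernel that only honours a policy it can verify), and
  2. the binary's SHA-256 must match the manifest entry for its path.
All inputs below are constructed sample data.
"""
import hashlib
import hmac
import json

# Constructed: key held only by the enforcer. In a real system this role is
# played by a platform/kernel key that the party altering files does not have.
ENFORCER_KEY = b"constructed-demo-key-do-not-reuse"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(binaries: dict[str, bytes], key: bytes = ENFORCER_KEY) -> dict:
    """Produce a manifest: path -> expected digest, plus an HMAC over the entries."""
    entries = {path: sha256(blob) for path, blob in sorted(binaries.items())}
    body = json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()
    return {"entries": entries, "mac": hmac.new(key, body, "sha256").hexdigest()}


def manifest_is_trusted(manifest: dict, key: bytes = ENFORCER_KEY) -> bool:
    """Check 1: reject a manifest whose entries no longer match its MAC."""
    body = json.dumps(manifest["entries"], sort_keys=True,
                      separators=(",", ":")).encode()
    expected = hmac.new(key, body, "sha256").hexdigest()
    return hmac.compare_digest(expected, manifest.get("mac", ""))


def may_execute(manifest: dict, path: str, contents: bytes,
                key: bytes = ENFORCER_KEY) -> tuple[bool, str]:
    """Decide at exec time. Default is DENY: anything not listed is refused."""
    if not manifest_is_trusted(manifest, key):
        return False, "manifest failed integrity check"
    expected = manifest["entries"].get(path)
    if expected is None:
        return False, "not in allowlist"
    if not hmac.compare_digest(expected, sha256(contents)):
        return False, "digest mismatch (binary altered)"
    return True, "allowed"


# Constructed sample "binaries" (script text stands in for ELF images).
GOOD_BINARIES = {
    "/usr/bin/backup": b"#!/bin/sh\ntar czf /srv/backup.tgz /srv/data\n",
    "/usr/bin/report": b"#!/bin/sh\necho report\n",
}


def demo() -> dict[str, tuple[bool, str]]:
    """Run the four cases a practitioner cares about and return the verdicts."""
    manifest = build_manifest(GOOD_BINARIES)
    results = {
        "unchanged": may_execute(manifest, "/usr/bin/backup",
                                 GOOD_BINARIES["/usr/bin/backup"]),
        "altered": may_execute(manifest, "/usr/bin/backup",
                               b"#!/bin/sh\necho tampered\n"),
        "unlisted": may_execute(manifest, "/usr/bin/dropped", b"anything"),
    }
    # Editing the manifest (adding an entry) must fail too; that is the point
    # of the MAC: the allowlist is only as good as its own integrity.
    forged = json.loads(json.dumps(manifest))
    forged["entries"]["/usr/bin/dropped"] = sha256(b"anything")
    results["forged_manifest"] = may_execute(forged, "/usr/bin/dropped", b"anything")
    return results


if __name__ == "__main__":
    for case, (ok, why) in demo().items():
        print(f"{case:16s} -> {'ALLOW' if ok else 'DENY':5s} ({why})")
```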
Re: (Score:2)
You simply install the MIPE, obviously.
Can it co-exist with apparmor (Score:2)
Can this co-exist with apparmor?
Thanks, Microsoft! (Score:2)
I agree with Microsoft on this one. Just because some code is bad doesn't mean you should execute it. Let's just put it in prison or something.
Step 2. (Score:1)
1. Embrace.
2. Extend.
3. Extinguish.
The last time they pulled this shit big time *and* got caught *and* the press reported it, lies only a few years back.
Corporate culture takes at least half a century to a century, to change.
That's what the sentence for a boycott should be, until MS can re-apply for a trustworthiness test.
So, the execute bit? (Score:3)
Ignoring for a moment the idea that having someone else determine what code is allowed to run on my computer is somehow a good thing, how is this any different from only allowing privileged (i.e. root) accounts to set the execute bit?
Does it prevent someone from compiling a new program and running it?
Are scripting languages prevented? (no Perl, PHP, or shell?)
What about stealth scripting languages like Microsoft Excel?
Re: (Score:2)
Ignoring for a moment the idea that having someone else determine what code is allowed to run on my computer is somehow a good thing
It is a very good thing. The vast majority of computers being used in the world, and nearly all the computers being used for something important are loan computers given to someone to perform a specific task while sitting on a business critical network. You may have heard of this term "corporate IT". There are whole jobs called "system administrators" whose whole jobs revolve around ensuring you can use that computer only in the way that is suitable.
how is this any different from only allowing privileged (i.e. root) accounts to set the execute bit?
A certain Slashdot article has a certain link in it which
Re: (Score:2)
It is a very good thing. The vast majority of computers being used in the world, and nearly all the computers being used for something important are loan computers given to someone to perform a specific task while sitting on a business critical network.
And yet, in the fine article, they specifically mention this as something for "immutable and embedded systems" which are not generally loan computers used by other people.
A certain Slashdot article has a certain link in it which explains all of your questions.
Well, it's certainly not the fine article in this post, since I read it and nowhere does it mention the way scripting languages are handled, or why having a separate file with other filenames in it is somehow better than the directory file having that information. Is it more compartmental? Easier to audit the code? Were they unable to
Sounds a bit like tripwire (Score:2)
Is MS _again_ ignoring what already exists and works?
Re: (Score:1)
Don't even need tripwire. Just use selinux. In fact I bet their stuff uses selinux under the hood.
Solution in search of a problem.
Re: (Score:2)
Indeed. MS does contribute exactly nothing here.