* [PATCH] ima/policy: fix parsing of fsuuid
@ 2018-01-17 18:27 ` Mike Rapoport
0 siblings, 0 replies; 6+ messages in thread
From: Mike Rapoport @ 2018-01-17 18:27 UTC (permalink / raw)
To: Mimi Zohar
Cc: linux-integrity, linux-security-module, Christoph Hellwig,
stable, Mike Rapoport
The switch to uuid_t invereted the logic of verfication that &entry->fsuuid
is zero during parsing of "fsuuid=" rule. Instead of making sure the
&entry->fsuuid field is not attempted to be overwriten, we bail out for
perfectly correct rule.
Fixes: 787d8c530af7 ("ima/policy: switch to use uuid_t")
Signed-off-by: Mike Rapoport <rppt@linux.vnet.ibm.com>
---
security/integrity/ima/ima_policy.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index ee4613fa5840..f19f4841a97a 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -743,7 +743,7 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
case Opt_fsuuid:
ima_log_string(ab, "fsuuid", args[0].from);
- if (uuid_is_null(&entry->fsuuid)) {
+ if (!uuid_is_null(&entry->fsuuid)) {
result = -EINVAL;
break;
}
--
2.7.4
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH] ima/policy: fix parsing of fsuuid
@ 2018-01-17 18:27 ` Mike Rapoport
0 siblings, 0 replies; 6+ messages in thread
From: Mike Rapoport @ 2018-01-17 18:27 UTC (permalink / raw)
To: linux-security-module
The switch to uuid_t invereted the logic of verfication that &entry->fsuuid
is zero during parsing of "fsuuid=" rule. Instead of making sure the
&entry->fsuuid field is not attempted to be overwriten, we bail out for
perfectly correct rule.
Fixes: 787d8c530af7 ("ima/policy: switch to use uuid_t")
Signed-off-by: Mike Rapoport <rppt@linux.vnet.ibm.com>
---
security/integrity/ima/ima_policy.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index ee4613fa5840..f19f4841a97a 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -743,7 +743,7 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
case Opt_fsuuid:
ima_log_string(ab, "fsuuid", args[0].from);
- if (uuid_is_null(&entry->fsuuid)) {
+ if (!uuid_is_null(&entry->fsuuid)) {
result = -EINVAL;
break;
}
--
2.7.4
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] ima/policy: fix parsing of fsuuid
2018-01-17 18:27 ` Mike Rapoport
@ 2018-01-17 21:36 ` Greg KH
-1 siblings, 0 replies; 6+ messages in thread
From: Greg KH @ 2018-01-17 21:36 UTC (permalink / raw)
To: Mike Rapoport
Cc: Mimi Zohar, linux-integrity, linux-security-module,
Christoph Hellwig, stable
On Wed, Jan 17, 2018 at 08:27:11PM +0200, Mike Rapoport wrote:
> The switch to uuid_t invereted the logic of verfication that &entry->fsuuid
> is zero during parsing of "fsuuid=" rule. Instead of making sure the
> &entry->fsuuid field is not attempted to be overwriten, we bail out for
> perfectly correct rule.
>
> Fixes: 787d8c530af7 ("ima/policy: switch to use uuid_t")
>
> Signed-off-by: Mike Rapoport <rppt@linux.vnet.ibm.com>
> ---
> security/integrity/ima/ima_policy.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
<formletter>
This is not the correct way to submit patches for inclusion in the
stable kernel tree. Please read:
https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
for how to do this properly.
</formletter>
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH] ima/policy: fix parsing of fsuuid
@ 2018-01-17 21:36 ` Greg KH
0 siblings, 0 replies; 6+ messages in thread
From: Greg KH @ 2018-01-17 21:36 UTC (permalink / raw)
To: linux-security-module
On Wed, Jan 17, 2018 at 08:27:11PM +0200, Mike Rapoport wrote:
> The switch to uuid_t invereted the logic of verfication that &entry->fsuuid
> is zero during parsing of "fsuuid=" rule. Instead of making sure the
> &entry->fsuuid field is not attempted to be overwriten, we bail out for
> perfectly correct rule.
>
> Fixes: 787d8c530af7 ("ima/policy: switch to use uuid_t")
>
> Signed-off-by: Mike Rapoport <rppt@linux.vnet.ibm.com>
> ---
> security/integrity/ima/ima_policy.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
<formletter>
This is not the correct way to submit patches for inclusion in the
stable kernel tree. Please read:
https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
for how to do this properly.
</formletter>
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] ima/policy: fix parsing of fsuuid
2018-01-17 18:27 ` Mike Rapoport
@ 2018-01-18 21:11 ` Mimi Zohar
-1 siblings, 0 replies; 6+ messages in thread
From: Mimi Zohar @ 2018-01-18 21:11 UTC (permalink / raw)
To: Mike Rapoport
Cc: linux-integrity, linux-security-module, Christoph Hellwig, stable
On Wed, 2018-01-17 at 20:27 +0200, Mike Rapoport wrote:
> The switch to uuid_t invereted the logic of verfication that &entry->fsuuid
> is zero during parsing of "fsuuid=" rule. Instead of making sure the
> &entry->fsuuid field is not attempted to be overwriten, we bail out for
> perfectly correct rule.
>
> Fixes: 787d8c530af7 ("ima/policy: switch to use uuid_t")
>
> Signed-off-by: Mike Rapoport <rppt@linux.vnet.ibm.com>
Thanks, Mike.
> ---
> security/integrity/ima/ima_policy.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
> index ee4613fa5840..f19f4841a97a 100644
> --- a/security/integrity/ima/ima_policy.c
> +++ b/security/integrity/ima/ima_policy.c
> @@ -743,7 +743,7 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
> case Opt_fsuuid:
> ima_log_string(ab, "fsuuid", args[0].from);
>
> - if (uuid_is_null(&entry->fsuuid)) {
> + if (!uuid_is_null(&entry->fsuuid)) {
> result = -EINVAL;
> break;
> }
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH] ima/policy: fix parsing of fsuuid
@ 2018-01-18 21:11 ` Mimi Zohar
0 siblings, 0 replies; 6+ messages in thread
From: Mimi Zohar @ 2018-01-18 21:11 UTC (permalink / raw)
To: linux-security-module
On Wed, 2018-01-17 at 20:27 +0200, Mike Rapoport wrote:
> The switch to uuid_t invereted the logic of verfication that &entry->fsuuid
> is zero during parsing of "fsuuid=" rule. Instead of making sure the
> &entry->fsuuid field is not attempted to be overwriten, we bail out for
> perfectly correct rule.
>
> Fixes: 787d8c530af7 ("ima/policy: switch to use uuid_t")
>
> Signed-off-by: Mike Rapoport <rppt@linux.vnet.ibm.com>
Thanks, Mike.
> ---
> security/integrity/ima/ima_policy.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
> index ee4613fa5840..f19f4841a97a 100644
> --- a/security/integrity/ima/ima_policy.c
> +++ b/security/integrity/ima/ima_policy.c
> @@ -743,7 +743,7 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
> case Opt_fsuuid:
> ima_log_string(ab, "fsuuid", args[0].from);
>
> - if (uuid_is_null(&entry->fsuuid)) {
> + if (!uuid_is_null(&entry->fsuuid)) {
> result = -EINVAL;
> break;
> }
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2018-01-18 21:11 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-01-17 18:27 [PATCH] ima/policy: fix parsing of fsuuid Mike Rapoport
2018-01-17 18:27 ` Mike Rapoport
2018-01-17 21:36 ` Greg KH
2018-01-17 21:36 ` Greg KH
2018-01-18 21:11 ` Mimi Zohar
2018-01-18 21:11 ` Mimi Zohar
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.