From: Mimi Zohar <zohar@linux.ibm.com>
To: Goldwyn Rodrigues <rgoldwyn@suse.de>
Cc: linux-integrity@vger.kernel.org, linux-unionfs@vger.kernel.org,
	iforster@suse.de, fvogt@suse.de, miklos@szeredi.hu
Subject: Re: [PATCH] Open a new file instance if no read permissions on files
Date: Mon, 08 Oct 2018 17:18:32 -0400
Message-ID: <1539033512.15382.133.camel@linux.ibm.com>
In-Reply-To: <20181008153014.vb4hd7xdpbsbbrxg@merlin>

On Mon, 2018-10-08 at 10:30 -0500, Goldwyn Rodrigues wrote:
> On  9:27 08/10, Mimi Zohar wrote:
> > On Mon, 2018-10-08 at 07:14 -0500, Goldwyn Rodrigues wrote:
> > 
> > > 
> > > > >  
> > > > > +	if (!(file->f_mode & FMODE_READ)) {
> > > > > +		struct file *f;
> > > > 
> > > > I would define "struct file *f = file" above, at the beginning of
> > > > the function, and "free(f)" below, without modifying "file".
> > > 
> > > I suppose you mean fput(f).
> > 
> > yes
> > 
> > > Okay, if it makes code more understandable.
> > 
> > Thanks
> > > 
> > > > 
> > > > > +		int flags = file->f_flags & ~(O_WRONLY | O_APPEND | O_TRUNC | O_CREAT | O_NOCTTY | O_EXCL);
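Review bot: in the `flags` initializer, the new open inherits every bit of file->f_flags except the six named in the mask, so any other flag the caller chose for its own write-only open also applies to the internal read. A short comment saying why exactly these six are cleared, or building the flags from an explicit read-only set instead of subtracting from the caller's, would make the intent reviewable.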
> > > > 
> > > > Doesn't O_RDONLY need to be added?
> > > 
> > > No. O_RDONLY is zero. But I think I should add it for readability. The
> > > compiler will optimize it eventually.
> > > 
> > > > Please fix the line length.
> > > > 
> > > > 
> > > > > +		f = dentry_open(&file->f_path, flags, file->f_cred);
> > > > > +		if (IS_ERR(f))
> > > > > +			return PTR_ERR(f);
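Review bot: once `f = dentry_open(...)` succeeds, f is a separate struct file that has to be released with fput() on every later exit path, and only when it is not the caller's `file`; with the `struct file *f = file` initialisation suggested earlier in this thread, an unconditional fput(f) would drop a reference this function never took. Guard the release, e.g. `if (f != file) fput(f);`.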
> > 
> > It's late in the release cycle to be making this change.  Would it
> > make sense for now to fall back to modifying the original file
> > descriptor on failure and emit a message?
> 
> Yes, perhaps and it may still succeed. Won't it be misleading if it does?
> Would ima_update_xattr() be a good place? Not sure if it would spew too
> many messages if there is an issue. I am all in for modifying the
> original file->f_flags on failure. Just not sure about the error
> message.

The message should be an indication that the dentry_open() failed.  So
it needs to be in ima_calc_file_hash.  Perhaps use either
pr_info_ratelimited or even pr_info_once() to limit the number of
messages.

> Currently, when we perform IMA hash calculation on an O_WRONLY file with
> overlayfs, there is no error in dmesg. Just EACCES on the _next_ write
> which makes it difficult to conclude what's wrong.

There should be an AUDIT_INTEGRITY_DATA message emitted by
ima_collect_measurement().

Mimi
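
A userspace analogy of the approach discussed in this thread, added here as an example; it is not kernel code and not part of the patch or of either author's mail. It assumes Linux with /proc mounted, stands in for dentry_open() with a reopen through /proc/self/fd, and uses a byte sum as a toy digest; `ro_flags`, `measure` and `demo` are hypothetical names.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Mask from the quoted hunk, with O_RDONLY (which is 0) spelled out. */
static int ro_flags(int f_flags)
{
	return (f_flags & ~(O_WRONLY | O_APPEND | O_TRUNC |
			    O_CREAT | O_NOCTTY | O_EXCL)) | O_RDONLY;
}

/* Toy digest (byte sum) read through a second, read-only open of fd's file. */
static long measure(int fd)
{
	char buf[4096], link[64];
	long sum = 0;
	ssize_t n, i;
	int rfd, flags = fcntl(fd, F_GETFL);
	if (flags < 0)
		return -errno;
	snprintf(link, sizeof(link), "/proc/self/fd/%d", fd);
	rfd = open(link, ro_flags(flags));	/* stand-in for dentry_open() */
	if (rfd < 0)
		return -errno;	/* caller decides whether to fall back and log */
	while ((n = read(rfd, buf, sizeof(buf))) > 0)
		for (i = 0; i < n; i++)
			sum += (unsigned char)buf[i];
	close(rfd);		/* counterpart of fput(f); fd itself is untouched */
	return n < 0 ? -EIO : sum;
}

/* Constructed sample: a write-only, append-mode fd on a 3-byte temp file. */
static long demo(void)
{
	char path[64], c;
	long r = -1;
	int fd;
	snprintf(path, sizeof(path), "/tmp/ro-reopen-%ld", (long)getpid());
	fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0600);
	if (fd < 0)
		return -errno;
	if (write(fd, "abc", 3) == 3 && read(fd, &c, 1) < 0 && errno == EBADF)
		r = measure(fd);	/* fd cannot read; the reopened instance can */
	close(fd);
	unlink(path);
	return r;
}

int main(void) { printf("%ld\n", demo()); return 0; }
```

The caller's descriptor keeps its write-only access mode throughout, which is the property the new-instance approach is meant to preserve.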
