linux-integrity.vger.kernel.org archive mirror
From: Roberto Sassu <roberto.sassu@huawei.com>
To: <zohar@linux.ibm.com>, <mjg59@srcf.ucam.org>
Cc: <linux-integrity@vger.kernel.org>,
	<linux-security-module@vger.kernel.org>,
	<linux-kernel@vger.kernel.org>,
	Roberto Sassu <roberto.sassu@huawei.com>,
	<stable@vger.kernel.org>
Subject: [PATCH v7 01/12] evm: Execute evm_inode_init_security() only when an HMAC key is loaded
Date: Fri, 14 May 2021 17:27:42 +0200
Message-ID: <20210514152753.982958-2-roberto.sassu@huawei.com>
In-Reply-To: <20210514152753.982958-1-roberto.sassu@huawei.com>

evm_inode_init_security() requires an HMAC key to calculate the HMAC on
initial xattrs provided by LSMs. However, it checks generically whether a
key has been loaded, including also public keys, which is not correct as
public keys are not suitable to calculate the HMAC.

Originally, support for signature verification was introduced to verify a
possibly immutable initial ram disk, when no new files are created, and to
switch to HMAC for the root filesystem. By that time, an HMAC key should
have been loaded and usable to calculate HMACs for new files.

More recently support for requiring an HMAC key was removed from the
kernel, so that signature verification can be used alone. Since this is a
legitimate use case, evm_inode_init_security() should not return an error
when no HMAC key has been loaded.

This patch fixes this problem by replacing the evm_key_loaded() check with
a check of the EVM_INIT_HMAC flag in evm_initialized.

Cc: stable@vger.kernel.org # 4.5.x
Fixes: 26ddabfe96b ("evm: enable EVM when X509 certificate is loaded")
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
---
 security/integrity/evm/evm_main.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index 0de367aaa2d3..7ac5204c8d1f 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -521,7 +521,7 @@ void evm_inode_post_setattr(struct dentry *dentry, int ia_valid)
 }
 
 /*
- * evm_inode_init_security - initializes security.evm
+ * evm_inode_init_security - initializes security.evm HMAC value
  */
 int evm_inode_init_security(struct inode *inode,
 				 const struct xattr *lsm_xattr,
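
Review bot: the reworded header comment (`initializes security.evm HMAC value`) does not mention the case this patch is about, where the function returns 0 without producing security.evm because EVM_INIT_HMAC is not set in evm_initialized. Consider adding a sentence to the comment saying that it is a no-op returning success when no HMAC key is loaded, since signature-only setups now take that path.
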
@@ -530,7 +530,8 @@ int evm_inode_init_security(struct inode *inode,
 	struct evm_xattr *xattr_data;
 	int rc;
 
-	if (!evm_key_loaded() || !evm_protected_xattr(lsm_xattr->name))
+	if (!(evm_initialized & EVM_INIT_HMAC) ||
+	    !evm_protected_xattr(lsm_xattr->name))
 		return 0;
 
 	xattr_data = kzalloc(sizeof(*xattr_data), GFP_NOFS);
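
Review bot: the new first condition open-codes `evm_initialized & EVM_INIT_HMAC` where the removed line used the named helper `evm_key_loaded()`, so the reason for testing the HMAC flag specifically (public keys cannot be used to calculate the HMAC) is only recorded in the commit message. A one-line comment above the `if`, or a small named helper placed next to `evm_key_loaded()` if the same test is needed elsewhere, would keep that distinction visible at the call site.
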
-- 
2.25.1


Thread overview: 18+ messages
2021-05-14 15:27 [PATCH v7 00/12] evm: Improve usability of portable signatures Roberto Sassu
2021-05-14 15:27 ` Roberto Sassu [this message]
2021-05-14 15:27 ` [PATCH v7 02/12] evm: Load EVM key in ima_load_x509() to avoid appraisal Roberto Sassu
2021-05-14 15:27 ` [PATCH v7 03/12] evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is loaded Roberto Sassu
2021-05-14 15:27 ` [PATCH v7 04/12] evm: Introduce evm_revalidate_status() Roberto Sassu
2021-05-14 15:27 ` [PATCH v7 05/12] evm: Introduce evm_hmac_disabled() to safely ignore verification errors Roberto Sassu
2021-05-20  8:48   ` [RESEND][PATCH " Roberto Sassu
2021-05-20  8:51     ` Roberto Sassu
2021-05-14 15:27 ` [PATCH v7 06/12] evm: Allow xattr/attr operations for portable signatures Roberto Sassu
2021-05-14 15:27 ` [PATCH v7 07/12] evm: Pass user namespace to set/remove xattr hooks Roberto Sassu
2021-05-14 15:27 ` [PATCH v7 08/12] evm: Allow setxattr() and setattr() for unmodified metadata Roberto Sassu
2021-05-14 15:27 ` [PATCH v7 09/12] evm: Deprecate EVM_ALLOW_METADATA_WRITES Roberto Sassu
2021-05-14 15:27 ` [PATCH v7 10/12] ima: Allow imasig requirement to be satisfied by EVM portable signatures Roberto Sassu
2021-05-14 15:27 ` [PATCH v7 11/12] ima: Introduce template field evmsig and write to field sig as fallback Roberto Sassu
2021-05-14 15:27 ` [PATCH v7 12/12] ima: Don't remove security.ima if file must not be appraised Roberto Sassu
2021-05-20 18:55 ` [PATCH v7 00/12] evm: Improve usability of portable signatures Mimi Zohar
2021-05-21  7:07   ` Roberto Sassu
2021-05-21 17:31     ` Mimi Zohar
