Linux-Security-Module Archive on lore.kernel.org
 help / color / Atom feed
From: Mimi Zohar <zohar@linux.ibm.com>
To: Prakhar Srivastava <prsriva02@gmail.com>,
	linux-integrity@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org
Cc: roberto.sassu@huawei.com
Subject: Re: [PATCH 2/3] IMA:Define a new template field buf
Date: Wed, 19 Jun 2019 09:54:26 -0400
Message-ID: <1560952466.3975.40.camel@linux.ibm.com> (raw)
In-Reply-To: <20190617183507.14160-3-prsriva02@gmail.com>

On Mon, 2019-06-17 at 11:35 -0700, Prakhar Srivastava wrote:
> A buffer(kexec boot command line arguments) measured into IMA
> measuremnt list cannot be appraised, without already being
> aware of the buffer contents. Since hashes are non-reversible,
> raw buffer is needed for validation or regenerating hash for
> appraisal/attestation.
> 
> Add support to store/read the buffer contents in HEX.
> The kexec cmdline hash is stored in the "d-ng" field of the
> template data,it can be verified using
> sudo cat /sys/kernel/security/integrity/ima/ascii_runtime_measurements |
>   grep  kexec-cmdline | cut -d' ' -f 6 | xxd -r -p | sha256sum
> 
> - Add two new fields to ima_event_data to hold the buf and
> buf_len [Suggested by Roberto]
> - Add a new temaplte field 'buf' to be used to store/read
> the buffer data.[Suggested by Mimi]
> - Updated process_buffer_meaurement to add the buffer to
> ima_event_data. process_buffer_measurement added in
> "Define a new IMA hook to measure the boot command line
>  arguments"
> - Add a new template policy name ima-buf to represent
> 'd-ng|n-ng|buf'
> 
> Signed-off-by: Prakhar Srivastava <prsriva02@gmail.com>
> Reviewed-by: Roberto Sassu <roberto.sassu@huawei.com>
> Reviewed-by: James Morris <jamorris@linux.microsoft.com>

Thanks, looking much better.

>  
>  /* IMA template field data definition */
> diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
> index ea7d8cbf712f..83ca99d65e4b 100644
> --- a/security/integrity/ima/ima_api.c
> +++ b/security/integrity/ima/ima_api.c
> @@ -140,7 +140,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename,
>  	struct ima_template_entry *entry;
>  	struct inode *inode = file_inode(file);
>  	struct ima_event_data event_data = {iint, file, filename, NULL, 0,
> -					    cause};
> +					    cause, NULL, 0};
>  	int violation = 1;
>  	int result;
>  
> @@ -296,7 +296,7 @@ void ima_store_measurement(struct integrity_iint_cache *iint,
>  	struct inode *inode = file_inode(file);
>  	struct ima_template_entry *entry;
>  	struct ima_event_data event_data = {iint, file, filename, xattr_value,
> -					    xattr_len, NULL};
> +					    xattr_len, NULL, NULL, 0};
>  	int violation = 0;
>  
>  	if (iint->measured_pcrs & (0x1 << pcr))
> diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c
> index 993d0f1915ff..c8591406c0e2 100644
> --- a/security/integrity/ima/ima_init.c
> +++ b/security/integrity/ima/ima_init.c
> @@ -50,7 +50,7 @@ static int __init ima_add_boot_aggregate(void)
>  	struct ima_template_entry *entry;
>  	struct integrity_iint_cache tmp_iint, *iint = &tmp_iint;
>  	struct ima_event_data event_data = {iint, NULL, boot_aggregate_name,
> -					    NULL, 0, NULL};
> +					    NULL, 0, NULL, NULL, 0};
>  	int result = -ENOMEM;
>  	int violation = 0;
>  	struct {
> 

These changes shouldn't be necessary.  Please rebase these patches on
top of the latest next-queued-testing branch (git remote update).  "IMA: support for per
policy rule template formats" is still changing. 

Minor nit.  When re-posting the patches please update the patch titles
so that there is a space between the subsystem name and the patch
title (eg. "ima: define ...").

Mimi


  reply index

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-06-17 18:35 [PATCH V8 0/3] Add support for measuring the boot command line during kexec_file_load Prakhar Srivastava
2019-06-17 18:35 ` [PATCH 1/3] IMA:Define a new hook to measure the kexec boot command line arguments Prakhar Srivastava
2019-06-19 19:21   ` Mimi Zohar
2019-06-17 18:35 ` [PATCH 2/3] IMA:Define a new template field buf Prakhar Srivastava
2019-06-19 13:54   ` Mimi Zohar [this message]
2019-06-19 18:08     ` prakhar srivastava
2019-06-19 18:37       ` Mimi Zohar
2019-06-17 18:35 ` [PATCH 3/3] KEXEC:Call ima_kexec_cmdline to measure the boot command line args Prakhar Srivastava

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1560952466.3975.40.camel@linux.ibm.com \
    --to=zohar@linux.ibm.com \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=prsriva02@gmail.com \
    --cc=roberto.sassu@huawei.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-Security-Module Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-security-module/0 linux-security-module/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-security-module linux-security-module/ https://lore.kernel.org/linux-security-module \
		linux-security-module@vger.kernel.org
	public-inbox-index linux-security-module

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-security-module


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git