linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Roberto Sassu <roberto.sassu@huawei.com>
To: <zohar@linux.ibm.com>, <mjg59@google.com>
Cc: <linux-integrity@vger.kernel.org>,
	<linux-security-module@vger.kernel.org>,
	<linux-fsdevel@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
	<silviu.vlasceanu@huawei.com>,
	Roberto Sassu <roberto.sassu@huawei.com>,
	<stable@vger.kernel.org>
Subject: [PATCH v3 01/11] evm: Execute evm_inode_init_security() only when an HMAC key is loaded
Date: Wed, 11 Nov 2020 10:22:52 +0100	[thread overview]
Message-ID: <20201111092302.1589-2-roberto.sassu@huawei.com> (raw)
In-Reply-To: <20201111092302.1589-1-roberto.sassu@huawei.com>

evm_inode_init_security() requires an HMAC key to calculate the HMAC on
initial xattrs provided by LSMs. However, it checks generically whether a
key has been loaded, including also public keys, which is not correct as
public keys are not suitable to calculate the HMAC.

Originally, support for signature verification was introduced to verify a
possibly immutable initial ram disk, when no new files are created, and to
switch to HMAC for the root filesystem. By that time, an HMAC key should
have been loaded and usable to calculate HMACs for new files.

More recently support for requiring an HMAC key was removed from the
kernel, so that signature verification can be used alone. Since this is a
legitimate use case, evm_inode_init_security() should not return an error
when no HMAC key has been loaded.

This patch fixes this problem by replacing the evm_key_loaded() check with
a check of the EVM_INIT_HMAC flag in evm_initialized.

Cc: stable@vger.kernel.org # 4.5.x
Fixes: 26ddabfe96b ("evm: enable EVM when X509 certificate is loaded")
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
---
 security/integrity/evm/evm_main.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index 76d19146d74b..001e001eae01 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -530,7 +530,8 @@ int evm_inode_init_security(struct inode *inode,
 	struct evm_xattr *xattr_data;
 	int rc;
 
-	if (!evm_key_loaded() || !evm_protected_xattr(lsm_xattr->name))
+	if (!(evm_initialized & EVM_INIT_HMAC) ||
+	    !evm_protected_xattr(lsm_xattr->name))
 		return 0;
 
 	xattr_data = kzalloc(sizeof(*xattr_data), GFP_NOFS);
-- 
2.27.GIT


  reply	other threads:[~2020-11-11  9:24 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-11-11  9:22 [PATCH v3 00/11] evm: Improve usability of portable signatures Roberto Sassu
2020-11-11  9:22 ` Roberto Sassu [this message]
2020-12-02 17:03   ` [PATCH v3 01/11] evm: Execute evm_inode_init_security() only when an HMAC key is loaded Mimi Zohar
2020-11-11  9:22 ` [PATCH v3 02/11] evm: Load EVM key in ima_load_x509() to avoid appraisal Roberto Sassu
2020-12-02 17:27   ` Mimi Zohar
2021-03-01 18:06   ` Mimi Zohar
2020-11-11  9:22 ` [PATCH v3 03/11] evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is loaded Roberto Sassu
2020-12-02 21:07   ` Mimi Zohar
2020-11-11  9:22 ` [PATCH v3 04/11] ima: Move ima_reset_appraise_flags() call to post hooks Roberto Sassu
2020-12-02 11:56   ` Roberto Sassu
2020-12-03 20:43     ` Mimi Zohar
2020-11-11  9:22 ` [PATCH v3 05/11] evm: Introduce evm_status_revalidate() Roberto Sassu
2020-11-11  9:22 ` [PATCH v3 06/11] evm: Ignore INTEGRITY_NOLABEL if no HMAC key is loaded Roberto Sassu
2020-12-03 20:42   ` Mimi Zohar
2020-12-04  8:05     ` Roberto Sassu
2020-12-04 13:04       ` Mimi Zohar
2020-12-04 14:59         ` Roberto Sassu
2020-11-11  9:22 ` [PATCH v3 07/11] evm: Allow xattr/attr operations for portable signatures Roberto Sassu
2020-11-11  9:22 ` [PATCH v3 08/11] evm: Allow setxattr() and setattr() for unmodified metadata Roberto Sassu
2020-11-18 17:58   ` kernel test robot
2020-11-11  9:23 ` [PATCH v3 09/11] ima: Allow imasig requirement to be satisfied by EVM portable signatures Roberto Sassu
2020-11-11  9:23 ` [PATCH v3 10/11] ima: Introduce template field evmsig and write to field sig as fallback Roberto Sassu
2020-11-11  9:23 ` [PATCH v3 11/11] ima: Don't remove security.ima if file must not be appraised Roberto Sassu
2020-12-01 20:52 ` [PATCH v3 00/11] evm: Improve usability of portable signatures Mimi Zohar

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20201111092302.1589-2-roberto.sassu@huawei.com \
    --to=roberto.sassu@huawei.com \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=mjg59@google.com \
    --cc=silviu.vlasceanu@huawei.com \
    --cc=stable@vger.kernel.org \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).