diff for duplicates of <1498095237.5328.44.camel@linux.vnet.ibm.com>
diff --git a/a/1.txt b/N1/1.txt
index 47338ec..7b8dca9 100644
--- a/a/1.txt
+++ b/N1/1.txt
@@ -50,15 +50,15 @@ On Wed, 2017-06-21 at 14:45 -0300, Thiago Jung Bauermann wrote:
 > >>
 > >> - status = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value, rc, iint);
 > >> - if ((status != INTEGRITY_PASS) && (status != INTEGRITY_UNKNOWN)) {
-> >> - if ((status = INTEGRITY_NOLABEL)
-> >> - || (status = INTEGRITY_NOXATTRS))
+> >> - if ((status == INTEGRITY_NOLABEL)
+> >> - || (status == INTEGRITY_NOXATTRS))
 > >> + /* Appended signatures aren't protected by EVM. */
 > >> + status = evm_verifyxattr(dentry, XATTR_NAME_IMA,
-> >> + xattr_value->type = IMA_MODSIG ?
+> >> + xattr_value->type == IMA_MODSIG ?
 > >> + NULL : xattr_value, rc, iint);
 > >> + if (status != INTEGRITY_PASS && status != INTEGRITY_UNKNOWN &&
-> >> + !(xattr_value->type = IMA_MODSIG &&
-> >> + (status = INTEGRITY_NOLABEL || status = INTEGRITY_NOXATTRS))) {
+> >> + !(xattr_value->type == IMA_MODSIG &&
+> >> + (status == INTEGRITY_NOLABEL || status == INTEGRITY_NOXATTRS))) {
 > >
 > > This was messy to begin with, and now it is even more messy. For
 > > appended signatures, we're only interested in INTEGRITY_FAIL. Maybe
@@ -74,18 +74,18 @@ On Wed, 2017-06-21 at 14:45 -0300, Thiago Jung Bauermann wrote:
 > - if ((status != INTEGRITY_PASS) && (status != INTEGRITY_UNKNOWN)) {
 > + /* Appended signatures aren't protected by EVM. */
 > + status = evm_verifyxattr(dentry, XATTR_NAME_IMA,
-> + xattr_value->type = IMA_MODSIG ?
+> + xattr_value->type == IMA_MODSIG ?
 > + NULL : xattr_value, rc, iint);
 
 Yes, maybe add a comment here indicating only verifying other security
 xattrs, if they exist.
 
-> + if (xattr_value->type = IMA_MODSIG && status = INTEGRITY_FAIL) {
+> + if (xattr_value->type == IMA_MODSIG && status == INTEGRITY_FAIL) {
 > + cause = "invalid-HMAC";
 > + goto out;
 > + } else if (status != INTEGRITY_PASS && status != INTEGRITY_UNKNOWN) {
-> if ((status = INTEGRITY_NOLABEL)
-> || (status = INTEGRITY_NOXATTRS))
+> if ((status == INTEGRITY_NOLABEL)
+> || (status == INTEGRITY_NOXATTRS))
 > cause = "missing-HMAC";
 
 >
@@ -100,7 +100,7 @@ xattrs, if they exist.
 > >> - iint->ima_hash->digest,
 > >> - iint->ima_hash->length);
 > >> +
-> >> + if (xattr_value->type = EVM_IMA_XATTR_DIGSIG)
+> >> + if (xattr_value->type == EVM_IMA_XATTR_DIGSIG)
 > >> + rc = integrity_digsig_verify(INTEGRITY_KEYRING_IMA,
 > >> + (const char *)xattr_value,
 > >> + rc, iint->ima_hash->digest,
@@ -155,11 +155,11 @@ the IMA keyring.
 > + xattr_len = ima_read_xattr(file_dentry(file), &xattr_value);
 > + algo = iint->ima_hash->algo;
 > +
-> + if (!xattr_value || xattr_value->type = IMA_MODSIG ||
+> + if (!xattr_value || xattr_value->type == IMA_MODSIG ||
 > + ima_get_hash_algo(xattr_value, xattr_len) != algo) {
 > + iint->flags |= IMA_DIGSIG;
 > +
-> + if (rc = -EOPNOTSUPP)
+> + if (rc == -EOPNOTSUPP)
 > + status = INTEGRITY_UNKNOWN;
 > + else {
 > + cause = "invalid-signature";
@@ -181,9 +181,9 @@ the IMA keyring.
 > >> if (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST))
 > >> return -EINVAL;
 > >> ima_reset_appraise_flags(d_backing_inode(dentry),
-> >> - (xvalue->type = EVM_IMA_XATTR_DIGSIG) ? 1 : 0);
-> >> + xvalue->type = EVM_IMA_XATTR_DIGSIG ||
-> >> + xvalue->type = IMA_MODSIG);
+> >> - (xvalue->type == EVM_IMA_XATTR_DIGSIG) ? 1 : 0);
+> >> + xvalue->type == EVM_IMA_XATTR_DIGSIG ||
+> >> + xvalue->type == IMA_MODSIG);
 > >
 > > Probably easier to read if we set a variable, before calling
 > > ima_reset_appraise_flags.
@@ -242,7 +242,7 @@ it.) Based on an argument to ima_collect_measurement() have it
 "collect" either the appended signature or the xattr. Maybe something
 like this:
 
-loop [ appended signature, xattr ] { <= list based on policy flags
+loop [ appended signature, xattr ] { <== list based on policy flags
 collect_measurement()
 if failure
 continue
diff --git a/a/content_digest b/N1/content_digest
index c3bad25..ba440f1 100644
--- a/a/content_digest
+++ b/N1/content_digest
@@ -4,7 +4,7 @@
  "ref\08760fpck0x.fsf@linux.vnet.ibm.com\0"
  "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0"
  "Subject\0Re: [PATCH v2 6/6] ima: Support module-style appended signatures for appraisal\0"
- "Date\0Thu, 22 Jun 2017 01:33:57 +0000\0"
+ "Date\0Wed, 21 Jun 2017 21:33:57 -0400\0"
  "To\0Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>\0"
  "Cc\0linux-security-module@vger.kernel.org"
  linux-ima-devel@lists.sourceforge.net
@@ -77,15 +77,15 @@
  "> >> \n"
  "> >> -\tstatus = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value, rc, iint);\n"
  "> >> -\tif ((status != INTEGRITY_PASS) && (status != INTEGRITY_UNKNOWN)) {\n"
- "> >> -\t\tif ((status = INTEGRITY_NOLABEL)\n"
- "> >> -\t\t || (status = INTEGRITY_NOXATTRS))\n"
+ "> >> -\t\tif ((status == INTEGRITY_NOLABEL)\n"
+ "> >> -\t\t || (status == INTEGRITY_NOXATTRS))\n"
  "> >> +\t/* Appended signatures aren't protected by EVM. */\n"
  "> >> +\tstatus = evm_verifyxattr(dentry, XATTR_NAME_IMA,\n"
- "> >> +\t\t\t\t xattr_value->type = IMA_MODSIG ?\n"
+ "> >> +\t\t\t\t xattr_value->type == IMA_MODSIG ?\n"
  "> >> +\t\t\t\t NULL : xattr_value, rc, iint);\n"
  "> >> +\tif (status != INTEGRITY_PASS && status != INTEGRITY_UNKNOWN &&\n"
- "> >> +\t !(xattr_value->type = IMA_MODSIG &&\n"
- "> >> +\t (status = INTEGRITY_NOLABEL || status = INTEGRITY_NOXATTRS))) {\n"
+ "> >> +\t !(xattr_value->type == IMA_MODSIG &&\n"
+ "> >> +\t (status == INTEGRITY_NOLABEL || status == INTEGRITY_NOXATTRS))) {\n"
  "> >\n"
  "> > This was messy to begin with, and now it is even more messy. For\n"
  "> > appended signatures, we're only interested in INTEGRITY_FAIL. Maybe\n"
@@ -101,18 +101,18 @@
  "> -\tif ((status != INTEGRITY_PASS) && (status != INTEGRITY_UNKNOWN)) {\n"
  "> +\t/* Appended signatures aren't protected by EVM. */\n"
  "> +\tstatus = evm_verifyxattr(dentry, XATTR_NAME_IMA,\n"
- "> +\t\t\t\t xattr_value->type = IMA_MODSIG ?\n"
+ "> +\t\t\t\t xattr_value->type == IMA_MODSIG ?\n"
  "> +\t\t\t\t NULL : xattr_value, rc, iint);\n"
  "\n"
  "Yes, maybe add a comment here indicating only verifying other security\n"
  "xattrs, if they exist.\n"
  "\n"
- "> +\tif (xattr_value->type = IMA_MODSIG && status = INTEGRITY_FAIL) {\n"
+ "> +\tif (xattr_value->type == IMA_MODSIG && status == INTEGRITY_FAIL) {\n"
  "> +\t\tcause = \"invalid-HMAC\";\n"
  "> +\t\tgoto out;\n"
  "> +\t} else if (status != INTEGRITY_PASS && status != INTEGRITY_UNKNOWN) {\n"
- "> \t\tif ((status = INTEGRITY_NOLABEL)\n"
- "> \t\t || (status = INTEGRITY_NOXATTRS))\n"
+ "> \t\tif ((status == INTEGRITY_NOLABEL)\n"
+ "> \t\t || (status == INTEGRITY_NOXATTRS))\n"
  "> \t\t\tcause = \"missing-HMAC\";\n"
  "\n"
  "> \n"
@@ -127,7 +127,7 @@
  "> >> -\t\t\t\t\t iint->ima_hash->digest,\n"
  "> >> -\t\t\t\t\t iint->ima_hash->length);\n"
  "> >> +\n"
- "> >> +\t\tif (xattr_value->type = EVM_IMA_XATTR_DIGSIG)\n"
+ "> >> +\t\tif (xattr_value->type == EVM_IMA_XATTR_DIGSIG)\n"
  "> >> +\t\t\trc = integrity_digsig_verify(INTEGRITY_KEYRING_IMA,\n"
  "> >> +\t\t\t\t\t\t (const char *)xattr_value,\n"
  "> >> +\t\t\t\t\t\t rc, iint->ima_hash->digest,\n"
@@ -182,11 +182,11 @@
  "> +\t\txattr_len = ima_read_xattr(file_dentry(file), &xattr_value);\n"
  "> +\t\talgo = iint->ima_hash->algo;\n"
  "> +\n"
- "> +\t\tif (!xattr_value || xattr_value->type = IMA_MODSIG ||\n"
+ "> +\t\tif (!xattr_value || xattr_value->type == IMA_MODSIG ||\n"
  "> +\t\t ima_get_hash_algo(xattr_value, xattr_len) != algo) {\n"
  "> +\t\t\tiint->flags |= IMA_DIGSIG;\n"
  "> +\n"
- "> +\t\t\tif (rc = -EOPNOTSUPP)\n"
+ "> +\t\t\tif (rc == -EOPNOTSUPP)\n"
  "> +\t\t\t\tstatus = INTEGRITY_UNKNOWN;\n"
  "> +\t\t\telse {\n"
  "> +\t\t\t\tcause = \"invalid-signature\";\n"
@@ -208,9 +208,9 @@
  "> >> \t\tif (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST))\n"
  "> >> \t\t\treturn -EINVAL;\n"
  "> >> \t\tima_reset_appraise_flags(d_backing_inode(dentry),\n"
- "> >> -\t\t\t (xvalue->type = EVM_IMA_XATTR_DIGSIG) ? 1 : 0);\n"
- "> >> +\t\t\t\t\t xvalue->type = EVM_IMA_XATTR_DIGSIG ||\n"
- "> >> +\t\t\t\t\t xvalue->type = IMA_MODSIG);\n"
+ "> >> -\t\t\t (xvalue->type == EVM_IMA_XATTR_DIGSIG) ? 1 : 0);\n"
+ "> >> +\t\t\t\t\t xvalue->type == EVM_IMA_XATTR_DIGSIG ||\n"
+ "> >> +\t\t\t\t\t xvalue->type == IMA_MODSIG);\n"
  "> >\n"
  "> > Probably easier to read if we set a variable, before calling\n"
  "> > ima_reset_appraise_flags.\n"
@@ -269,7 +269,7 @@
  "\"collect\" either the appended signature or the xattr. \302\240Maybe something\n"
  "like this:\n"
  "\n"
- "loop [ appended signature, xattr ] { \302\240<= list based on policy flags\n"
+ "loop [ appended signature, xattr ] { \302\240<== list based on policy flags\n"
  "\302\240 \302\240 \302\240collect_measurement()\n"
  "\302\240 \302\240 \302\240if failure\n"
  "\302\240 \302\240 \302\240 \302\240 continue\n"
@@ -341,4 +341,4 @@
  "> and xattr sig having to use the same hash algorithm.\n"
  >
 
-6aabdedc299d732d158aec04c62e8d2bada5abbcff753dda9634bce9c78d6c5e
+a0f7040db74036a67c7fc6c38d4495f9585b12213a7b8f1cd33e88a27884dfe1
diff --git a/a/1.txt b/N2/1.txt
index 47338ec..1180499 100644
--- a/a/1.txt
+++ b/N2/1.txt
@@ -50,15 +50,15 @@ On Wed, 2017-06-21 at 14:45 -0300, Thiago Jung Bauermann wrote:
 > >>
 > >> - status = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value, rc, iint);
 > >> - if ((status != INTEGRITY_PASS) && (status != INTEGRITY_UNKNOWN)) {
-> >> - if ((status = INTEGRITY_NOLABEL)
-> >> - || (status = INTEGRITY_NOXATTRS))
+> >> - if ((status == INTEGRITY_NOLABEL)
+> >> - || (status == INTEGRITY_NOXATTRS))
 > >> + /* Appended signatures aren't protected by EVM. */
 > >> + status = evm_verifyxattr(dentry, XATTR_NAME_IMA,
-> >> + xattr_value->type = IMA_MODSIG ?
+> >> + xattr_value->type == IMA_MODSIG ?
 > >> + NULL : xattr_value, rc, iint);
 > >> + if (status != INTEGRITY_PASS && status != INTEGRITY_UNKNOWN &&
-> >> + !(xattr_value->type = IMA_MODSIG &&
-> >> + (status = INTEGRITY_NOLABEL || status = INTEGRITY_NOXATTRS))) {
+> >> + !(xattr_value->type == IMA_MODSIG &&
+> >> + (status == INTEGRITY_NOLABEL || status == INTEGRITY_NOXATTRS))) {
 > >
 > > This was messy to begin with, and now it is even more messy. For
 > > appended signatures, we're only interested in INTEGRITY_FAIL. Maybe
@@ -74,18 +74,18 @@ On Wed, 2017-06-21 at 14:45 -0300, Thiago Jung Bauermann wrote:
 > - if ((status != INTEGRITY_PASS) && (status != INTEGRITY_UNKNOWN)) {
 > + /* Appended signatures aren't protected by EVM. */
 > + status = evm_verifyxattr(dentry, XATTR_NAME_IMA,
-> + xattr_value->type = IMA_MODSIG ?
+> + xattr_value->type == IMA_MODSIG ?
 > + NULL : xattr_value, rc, iint);
 
 Yes, maybe add a comment here indicating only verifying other security
 xattrs, if they exist.
 
-> + if (xattr_value->type = IMA_MODSIG && status = INTEGRITY_FAIL) {
+> + if (xattr_value->type == IMA_MODSIG && status == INTEGRITY_FAIL) {
 > + cause = "invalid-HMAC";
 > + goto out;
 > + } else if (status != INTEGRITY_PASS && status != INTEGRITY_UNKNOWN) {
-> if ((status = INTEGRITY_NOLABEL)
-> || (status = INTEGRITY_NOXATTRS))
+> if ((status == INTEGRITY_NOLABEL)
+> || (status == INTEGRITY_NOXATTRS))
 > cause = "missing-HMAC";
 
 >
@@ -100,7 +100,7 @@ xattrs, if they exist.
 > >> - iint->ima_hash->digest,
 > >> - iint->ima_hash->length);
 > >> +
-> >> + if (xattr_value->type = EVM_IMA_XATTR_DIGSIG)
+> >> + if (xattr_value->type == EVM_IMA_XATTR_DIGSIG)
 > >> + rc = integrity_digsig_verify(INTEGRITY_KEYRING_IMA,
 > >> + (const char *)xattr_value,
 > >> + rc, iint->ima_hash->digest,
@@ -125,7 +125,7 @@ kernel image with different requirements.
 
 Suppose for example a stock distro image comes signed using one
 algorithm (appended signature), but the same kernel image is locally
-signed using a different algorithm (xattr). Signature verification is
+signed using a different algorithm (xattr). ?Signature verification is
 dependent on either the distro or local public key being loaded onto
 the IMA keyring.
 
@@ -155,11 +155,11 @@ the IMA keyring.
 > + xattr_len = ima_read_xattr(file_dentry(file), &xattr_value);
 > + algo = iint->ima_hash->algo;
 > +
-> + if (!xattr_value || xattr_value->type = IMA_MODSIG ||
+> + if (!xattr_value || xattr_value->type == IMA_MODSIG ||
 > + ima_get_hash_algo(xattr_value, xattr_len) != algo) {
 > + iint->flags |= IMA_DIGSIG;
 > +
-> + if (rc = -EOPNOTSUPP)
+> + if (rc == -EOPNOTSUPP)
 > + status = INTEGRITY_UNKNOWN;
 > + else {
 > + cause = "invalid-signature";
@@ -181,9 +181,9 @@ the IMA keyring.
 > >> if (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST))
 > >> return -EINVAL;
 > >> ima_reset_appraise_flags(d_backing_inode(dentry),
-> >> - (xvalue->type = EVM_IMA_XATTR_DIGSIG) ? 1 : 0);
-> >> + xvalue->type = EVM_IMA_XATTR_DIGSIG ||
-> >> + xvalue->type = IMA_MODSIG);
+> >> - (xvalue->type == EVM_IMA_XATTR_DIGSIG) ? 1 : 0);
+> >> + xvalue->type == EVM_IMA_XATTR_DIGSIG ||
+> >> + xvalue->type == IMA_MODSIG);
 > >
 > > Probably easier to read if we set a variable, before calling
 > > ima_reset_appraise_flags.
@@ -237,18 +237,18 @@ the IMA keyring.
 > the hash algorithm in the xattr sig is different.
 
 The "appraise" stage could be moved before the "store" stage, like you
-have. (This should be a separate patch explaining the need for moving
-it.) Based on an argument to ima_collect_measurement() have it
-"collect" either the appended signature or the xattr. Maybe something
+have. ?(This should be a separate patch explaining the need for moving
+it.) ?Based on an argument to ima_collect_measurement() have it
+"collect" either the appended signature or the xattr. ?Maybe something
 like this:
 
-loop [ appended signature, xattr ] { <= list based on policy flags
- collect_measurement()
- if failure
- continue
- appraise_measurement()
- if success
- break
+loop [ appended signature, xattr ] { ?<== list based on policy flags
+? ? ?collect_measurement()
+? ? ?if failure
+? ? ? ? continue
+? ? ?appraise_measurement()
+? ? ?if success
+? ? ? ? break
 }
 
 store_measurement()
@@ -312,4 +312,9 @@ Mimi
 >
 > Ok, will do in v3 if you don't like the restriction of both the modsig
 > and xattr sig having to use the same hash algorithm.
->
+>
+
+--
+To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
+the body of a message to majordomo at vger.kernel.org
+More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/a/content_digest b/N2/content_digest
index c3bad25..18fcc82 100644
--- a/a/content_digest
+++ b/N2/content_digest
@@ -2,27 +2,10 @@
  "ref\01496886555-10082-7-git-send-email-bauerman@linux.vnet.ibm.com\0"
  "ref\01497443972.4287.38.camel@linux.vnet.ibm.com\0"
  "ref\08760fpck0x.fsf@linux.vnet.ibm.com\0"
- "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0"
- "Subject\0Re: [PATCH v2 6/6] ima: Support module-style appended signatures for appraisal\0"
- "Date\0Thu, 22 Jun 2017 01:33:57 +0000\0"
- "To\0Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>\0"
- "Cc\0linux-security-module@vger.kernel.org"
- linux-ima-devel@lists.sourceforge.net
- keyrings@vger.kernel.org
- linux-crypto@vger.kernel.org
- linuxppc-dev@lists.ozlabs.org
- linux-kernel@vger.kernel.org
- Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
- James Morris <james.l.morris@oracle.com>
- Serge E. Hallyn <serge@hallyn.com>
- David Howells <dhowells@redhat.com>
- David Woodhouse <dwmw2@infradead.org>
- Jessica Yu <jeyu@redhat.com>
- Rusty Russell <rusty@rustcorp.com.au>
- Herbert Xu <herbert@gondor.apana.org.au>
- David S. Miller <davem@davemloft.net>
- AKASHI
- " Takahiro <takahiro.akashi@linaro.org>\0"
+ "From\0zohar@linux.vnet.ibm.com (Mimi Zohar)\0"
+ "Subject\0[PATCH v2 6/6] ima: Support module-style appended signatures for appraisal\0"
+ "Date\0Wed, 21 Jun 2017 21:33:57 -0400\0"
+ "To\0linux-security-module@vger.kernel.org\0"
  "\00:1\0"
  "b\0"
  "On Wed, 2017-06-21 at 14:45 -0300, Thiago Jung Bauermann wrote:\n"
@@ -77,15 +60,15 @@
  "> >> \n"
  "> >> -\tstatus = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value, rc, iint);\n"
  "> >> -\tif ((status != INTEGRITY_PASS) && (status != INTEGRITY_UNKNOWN)) {\n"
- "> >> -\t\tif ((status = INTEGRITY_NOLABEL)\n"
- "> >> -\t\t || (status = INTEGRITY_NOXATTRS))\n"
+ "> >> -\t\tif ((status == INTEGRITY_NOLABEL)\n"
+ "> >> -\t\t || (status == INTEGRITY_NOXATTRS))\n"
  "> >> +\t/* Appended signatures aren't protected by EVM. */\n"
  "> >> +\tstatus = evm_verifyxattr(dentry, XATTR_NAME_IMA,\n"
- "> >> +\t\t\t\t xattr_value->type = IMA_MODSIG ?\n"
+ "> >> +\t\t\t\t xattr_value->type == IMA_MODSIG ?\n"
  "> >> +\t\t\t\t NULL : xattr_value, rc, iint);\n"
  "> >> +\tif (status != INTEGRITY_PASS && status != INTEGRITY_UNKNOWN &&\n"
- "> >> +\t !(xattr_value->type = IMA_MODSIG &&\n"
- "> >> +\t (status = INTEGRITY_NOLABEL || status = INTEGRITY_NOXATTRS))) {\n"
+ "> >> +\t !(xattr_value->type == IMA_MODSIG &&\n"
+ "> >> +\t (status == INTEGRITY_NOLABEL || status == INTEGRITY_NOXATTRS))) {\n"
  "> >\n"
  "> > This was messy to begin with, and now it is even more messy. For\n"
  "> > appended signatures, we're only interested in INTEGRITY_FAIL. Maybe\n"
@@ -101,18 +84,18 @@
  "> -\tif ((status != INTEGRITY_PASS) && (status != INTEGRITY_UNKNOWN)) {\n"
  "> +\t/* Appended signatures aren't protected by EVM. */\n"
  "> +\tstatus = evm_verifyxattr(dentry, XATTR_NAME_IMA,\n"
- "> +\t\t\t\t xattr_value->type = IMA_MODSIG ?\n"
+ "> +\t\t\t\t xattr_value->type == IMA_MODSIG ?\n"
  "> +\t\t\t\t NULL : xattr_value, rc, iint);\n"
  "\n"
  "Yes, maybe add a comment here indicating only verifying other security\n"
  "xattrs, if they exist.\n"
  "\n"
- "> +\tif (xattr_value->type = IMA_MODSIG && status = INTEGRITY_FAIL) {\n"
+ "> +\tif (xattr_value->type == IMA_MODSIG && status == INTEGRITY_FAIL) {\n"
  "> +\t\tcause = \"invalid-HMAC\";\n"
  "> +\t\tgoto out;\n"
  "> +\t} else if (status != INTEGRITY_PASS && status != INTEGRITY_UNKNOWN) {\n"
- "> \t\tif ((status = INTEGRITY_NOLABEL)\n"
- "> \t\t || (status = INTEGRITY_NOXATTRS))\n"
+ "> \t\tif ((status == INTEGRITY_NOLABEL)\n"
+ "> \t\t || (status == INTEGRITY_NOXATTRS))\n"
  "> \t\t\tcause = \"missing-HMAC\";\n"
  "\n"
  "> \n"
@@ -127,7 +110,7 @@
  "> >> -\t\t\t\t\t iint->ima_hash->digest,\n"
  "> >> -\t\t\t\t\t iint->ima_hash->length);\n"
  "> >> +\n"
- "> >> +\t\tif (xattr_value->type = EVM_IMA_XATTR_DIGSIG)\n"
+ "> >> +\t\tif (xattr_value->type == EVM_IMA_XATTR_DIGSIG)\n"
  "> >> +\t\t\trc = integrity_digsig_verify(INTEGRITY_KEYRING_IMA,\n"
  "> >> +\t\t\t\t\t\t (const char *)xattr_value,\n"
  "> >> +\t\t\t\t\t\t rc, iint->ima_hash->digest,\n"
@@ -152,7 +135,7 @@
  "\n"
  "Suppose for example a stock distro image comes signed using one\n"
  "algorithm (appended signature), but the same kernel image is locally\n"
- "signed using a different algorithm (xattr). \302\240Signature verification is\n"
+ "signed using a different algorithm (xattr). ?Signature verification is\n"
  "dependent on either the distro or local public key being loaded onto\n"
  "the IMA keyring.\n"
  "\n"
@@ -182,11 +165,11 @@
  "> +\t\txattr_len = ima_read_xattr(file_dentry(file), &xattr_value);\n"
  "> +\t\talgo = iint->ima_hash->algo;\n"
  "> +\n"
- "> +\t\tif (!xattr_value || xattr_value->type = IMA_MODSIG ||\n"
+ "> +\t\tif (!xattr_value || xattr_value->type == IMA_MODSIG ||\n"
  "> +\t\t ima_get_hash_algo(xattr_value, xattr_len) != algo) {\n"
  "> +\t\t\tiint->flags |= IMA_DIGSIG;\n"
  "> +\n"
- "> +\t\t\tif (rc = -EOPNOTSUPP)\n"
+ "> +\t\t\tif (rc == -EOPNOTSUPP)\n"
  "> +\t\t\t\tstatus = INTEGRITY_UNKNOWN;\n"
  "> +\t\t\telse {\n"
  "> +\t\t\t\tcause = \"invalid-signature\";\n"
@@ -208,9 +191,9 @@
  "> >> \t\tif (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST))\n"
  "> >> \t\t\treturn -EINVAL;\n"
  "> >> \t\tima_reset_appraise_flags(d_backing_inode(dentry),\n"
- "> >> -\t\t\t (xvalue->type = EVM_IMA_XATTR_DIGSIG) ? 1 : 0);\n"
- "> >> +\t\t\t\t\t xvalue->type = EVM_IMA_XATTR_DIGSIG ||\n"
- "> >> +\t\t\t\t\t xvalue->type = IMA_MODSIG);\n"
+ "> >> -\t\t\t (xvalue->type == EVM_IMA_XATTR_DIGSIG) ? 1 : 0);\n"
+ "> >> +\t\t\t\t\t xvalue->type == EVM_IMA_XATTR_DIGSIG ||\n"
+ "> >> +\t\t\t\t\t xvalue->type == IMA_MODSIG);\n"
  "> >\n"
  "> > Probably easier to read if we set a variable, before calling\n"
  "> > ima_reset_appraise_flags.\n"
@@ -264,18 +247,18 @@
  "> the hash algorithm in the xattr sig is different.\n"
  "\n"
  "The \"appraise\" stage could be moved before the \"store\" stage, like you\n"
- "have. \302\240(This should be a separate patch explaining the need for moving\n"
- "it.) \302\240Based on an argument to ima_collect_measurement() have it\n"
- "\"collect\" either the appended signature or the xattr. \302\240Maybe something\n"
+ "have. ?(This should be a separate patch explaining the need for moving\n"
+ "it.) ?Based on an argument to ima_collect_measurement() have it\n"
+ "\"collect\" either the appended signature or the xattr. ?Maybe something\n"
  "like this:\n"
  "\n"
- "loop [ appended signature, xattr ] { \302\240<= list based on policy flags\n"
- "\302\240 \302\240 \302\240collect_measurement()\n"
- "\302\240 \302\240 \302\240if failure\n"
- "\302\240 \302\240 \302\240 \302\240 continue\n"
- "\302\240 \302\240 \302\240appraise_measurement()\n"
- "\302\240 \302\240 \302\240if success\n"
- "\302\240 \302\240 \302\240 \302\240 break\n"
+ "loop [ appended signature, xattr ] { ?<== list based on policy flags\n"
+ "? ? ?collect_measurement()\n"
+ "? ? ?if failure\n"
+ "? ? ? ? continue\n"
+ "? ? ?appraise_measurement()\n"
+ "? ? ?if success\n"
+ "? ? ? ? break\n"
  "}\n"
  "\n"
  "store_measurement()\n"
@@ -339,6 +322,11 @@
  "> \n"
  "> Ok, will do in v3 if you don't like the restriction of both the modsig\n"
  "> and xattr sig having to use the same hash algorithm.\n"
- >
+ "> \n"
+ "\n"
+ "--\n"
+ "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n"
+ "the body of a message to majordomo at vger.kernel.org\n"
+ More majordomo info at http://vger.kernel.org/majordomo-info.html
 
-6aabdedc299d732d158aec04c62e8d2bada5abbcff753dda9634bce9c78d6c5e
+9ffce5a926a5bd9cc0c95350b147033577dff4d91805eaccbd8c2ecc3173d919