diff for duplicates of <1509456695.3583.226.camel@linux.vnet.ibm.com> diff --git a/a/1.txt b/N1/1.txt index 38580cc..4702268 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -96,7 +96,7 @@ like this: if ((inode->i_opflags & IOP_XATTR) && (*xattr_len_ > 0)) { -> + const char *modsig_cause = rc = -EOPNOTSUPP ? +> + const char *modsig_cause = rc == -EOPNOTSUPP ? > + "unknown" : "invalid-signature"; This can then be cleaned up as well. @@ -127,7 +127,7 @@ This test becomes redundant. > + /* Unexpected error reading xattr. */ > + status = INTEGRITY_UNKNOWN; > + } else { -> + if (rc = -EOPNOTSUPP) +> + if (rc == -EOPNOTSUPP) > + status = INTEGRITY_UNKNOWN; > + else { > + cause = "invalid-signature"; diff --git a/a/content_digest b/N1/content_digest index 993a49b..ef40133 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -2,7 +2,7 @@ "ref\020171018005331.2688-18-bauerman@linux.vnet.ibm.com\0" "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" "Subject\0Re: [PATCH v5 17/18] ima: Implement support for module-style appended signatures\0" - "Date\0Tue, 31 Oct 2017 13:31:35 +0000\0" + "Date\0Tue, 31 Oct 2017 09:31:35 -0400\0" "To\0Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>" " linux-integrity@vger.kernel.org\0" "Cc\0linux-security-module@vger.kernel.org" @@ -121,7 +121,7 @@ "\n" "\tif ((inode->i_opflags & IOP_XATTR) && (*xattr_len_ > 0)) {\n" "\n" - "> +\t\t\tconst char *modsig_cause = rc = -EOPNOTSUPP ?\n" + "> +\t\t\tconst char *modsig_cause = rc == -EOPNOTSUPP ?\n" "> +\t\t\t\t\"unknown\" : \"invalid-signature\";\n" "\n" "This can then be cleaned up as well.\n" @@ -152,7 +152,7 @@ "> +\t\t\t/* Unexpected error reading xattr. */\n" "> +\t\t\tstatus = INTEGRITY_UNKNOWN;\n" "> +\t\t} else {\n" - "> +\t\t\tif (rc = -EOPNOTSUPP)\n" + "> +\t\t\tif (rc == -EOPNOTSUPP)\n" "> +\t\t\t\tstatus = INTEGRITY_UNKNOWN;\n" "> +\t\t\telse {\n" "> +\t\t\t\tcause = \"invalid-signature\";\n" 
@@ -167,4 +167,4 @@ "\n" Mimi -d9cd813fd61c907a6c910893afc7bcc346e53fb265497b4342d84165f2ac4e4d +d808660512ece1308c1879d09a60cc6f5ab80f4308f2404c6006fde997321d2b
diff --git a/a/1.txt b/N2/1.txt index 38580cc..b888548 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -89,14 +89,14 @@ Below are a few additional comments. > + *xattr_len_ != -ENODATA) { At this point, there was an appended signature verification failure. - If there isn't an xattr, for whatever reason, shouldn't we be -returning "invalid_signature" and "INTEGRITY_FAIL". If so, then the + If there isn't an xattr, for whatever reason, shouldn't we be +returning "invalid_signature" and "INTEGRITY_FAIL". If so, then the above test could be simplified to check whether there is any data, like this: if ((inode->i_opflags & IOP_XATTR) && (*xattr_len_ > 0)) { -> + const char *modsig_cause = rc = -EOPNOTSUPP ? +> + const char *modsig_cause = rc == -EOPNOTSUPP ? > + "unknown" : "invalid-signature"; This can then be cleaned up as well. @@ -107,9 +107,9 @@ This can then be cleaned up as well. > + filename, op, modsig_cause, rc, 0); I'm not sure that we want to audit intermediary signature verification -failures. Perhaps this audit message should be considered +failures. Perhaps this audit message should be considered "additional", meaning it is only emitted if the "integrity_audit" boot -command line option is enabled. Change the last field to 1 to +command line option is enabled. Change the last field to 1 to indicate it is an "additional" audit message. > + @@ -127,7 +127,7 @@ This test becomes redundant. > + /* Unexpected error reading xattr. */ > + status = INTEGRITY_UNKNOWN; > + } else { -> + if (rc = -EOPNOTSUPP) +> + if (rc == -EOPNOTSUPP) > + status = INTEGRITY_UNKNOWN; > + else { > + cause = "invalid-signature"; diff --git a/a/content_digest b/N2/content_digest index 993a49b..3d214ff 100644 --- a/a/content_digest +++ b/N2/content_digest 
@@ -2,7 +2,7 @@ "ref\020171018005331.2688-18-bauerman@linux.vnet.ibm.com\0" "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" "Subject\0Re: [PATCH v5 17/18] ima: Implement support for module-style appended signatures\0" - "Date\0Tue, 31 Oct 2017 13:31:35 +0000\0" + "Date\0Tue, 31 Oct 2017 09:31:35 -0400\0" "To\0Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>" " linux-integrity@vger.kernel.org\0" "Cc\0linux-security-module@vger.kernel.org" @@ -114,14 +114,14 @@ "> +\t\t *xattr_len_ != -ENODATA) {\n" "\n" "At this point, there was an appended signature verification failure.\n" - "\302\240If there isn't an xattr, for whatever reason, shouldn't we be\n" - "returning \"invalid_signature\" and \"INTEGRITY_FAIL\". \302\240If so, then the\n" + " If there isn't an xattr, for whatever reason, shouldn't we be\n" + "returning \"invalid_signature\" and \"INTEGRITY_FAIL\". If so, then the\n" "above test could be simplified to check whether there is any data,\n" "like this:\n" "\n" "\tif ((inode->i_opflags & IOP_XATTR) && (*xattr_len_ > 0)) {\n" "\n" - "> +\t\t\tconst char *modsig_cause = rc = -EOPNOTSUPP ?\n" + "> +\t\t\tconst char *modsig_cause = rc == -EOPNOTSUPP ?\n" "> +\t\t\t\t\"unknown\" : \"invalid-signature\";\n" "\n" "This can then be cleaned up as well.\n" @@ -132,9 +132,9 @@ "> +\t\t\t\t\t filename, op, modsig_cause, rc, 0);\n" "\n" "I'm not sure that we want to audit intermediary signature verification\n" - "failures. \302\240Perhaps this audit message should be considered\n" + "failures. Perhaps this audit message should be considered\n" "\"additional\", meaning it is only emitted if the \"integrity_audit\" boot\n" - "command line option is enabled. \302\240Change the last field to 1 to\n" + "command line option is enabled. Change the last field to 1 to\n" "indicate it is an \"additional\" audit message.\n" "\n" "> +\n" 
@@ -152,7 +152,7 @@ "> +\t\t\t/* Unexpected error reading xattr. */\n" "> +\t\t\tstatus = INTEGRITY_UNKNOWN;\n" "> +\t\t} else {\n" - "> +\t\t\tif (rc = -EOPNOTSUPP)\n" + "> +\t\t\tif (rc == -EOPNOTSUPP)\n" "> +\t\t\t\tstatus = INTEGRITY_UNKNOWN;\n" "> +\t\t\telse {\n" "> +\t\t\t\tcause = \"invalid-signature\";\n" @@ -167,4 +167,4 @@ "\n" Mimi -d9cd813fd61c907a6c910893afc7bcc346e53fb265497b4342d84165f2ac4e4d +995062ef1e57b670a6fe3c1d777d436459987dc1139d7454568626db47573426
diff --git a/a/1.txt b/N3/1.txt index 38580cc..1924fd3 100644 --- a/a/1.txt +++ b/N3/1.txt @@ -89,14 +89,14 @@ Below are a few additional comments. > + *xattr_len_ != -ENODATA) { At this point, there was an appended signature verification failure. - If there isn't an xattr, for whatever reason, shouldn't we be -returning "invalid_signature" and "INTEGRITY_FAIL". If so, then the +?If there isn't an xattr, for whatever reason, shouldn't we be +returning "invalid_signature" and "INTEGRITY_FAIL". ?If so, then the above test could be simplified to check whether there is any data, like this: if ((inode->i_opflags & IOP_XATTR) && (*xattr_len_ > 0)) { -> + const char *modsig_cause = rc = -EOPNOTSUPP ? +> + const char *modsig_cause = rc == -EOPNOTSUPP ? > + "unknown" : "invalid-signature"; This can then be cleaned up as well. @@ -107,9 +107,9 @@ This can then be cleaned up as well. > + filename, op, modsig_cause, rc, 0); I'm not sure that we want to audit intermediary signature verification -failures. Perhaps this audit message should be considered +failures. ?Perhaps this audit message should be considered "additional", meaning it is only emitted if the "integrity_audit" boot -command line option is enabled. Change the last field to 1 to +command line option is enabled. ?Change the last field to 1 to indicate it is an "additional" audit message. > + @@ -127,7 +127,7 @@ This test becomes redundant. > + /* Unexpected error reading xattr. */ > + status = INTEGRITY_UNKNOWN; > + } else { -> + if (rc = -EOPNOTSUPP) +> + if (rc == -EOPNOTSUPP) > + status = INTEGRITY_UNKNOWN; > + else { > + cause = "invalid-signature"; @@ -141,3 +141,8 @@ I think the rest can be simplified to: status = INTEGRITY_FAIL; Mimi + +-- +To unsubscribe from this list: send the line "unsubscribe linux-security-module" in +the body of a message to majordomo at vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html 
diff --git a/a/content_digest b/N3/content_digest index 993a49b..66002a5 100644 --- a/a/content_digest +++ b/N3/content_digest @@ -1,26 +1,9 @@ "ref\020171018005331.2688-1-bauerman@linux.vnet.ibm.com\0" "ref\020171018005331.2688-18-bauerman@linux.vnet.ibm.com\0" - "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" - "Subject\0Re: [PATCH v5 17/18] ima: Implement support for module-style appended signatures\0" - "Date\0Tue, 31 Oct 2017 13:31:35 +0000\0" - "To\0Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>" - " linux-integrity@vger.kernel.org\0" - "Cc\0linux-security-module@vger.kernel.org" - keyrings@vger.kernel.org - linux-crypto@vger.kernel.org - linuxppc-dev@lists.ozlabs.org - linux-kernel@vger.kernel.org - Dmitry Kasatkin <dmitry.kasatkin@gmail.com> - James Morris <james.l.morris@oracle.com> - Serge E. Hallyn <serge@hallyn.com> - David Howells <dhowells@redhat.com> - David Woodhouse <dwmw2@infradead.org> - Jessica Yu <jeyu@redhat.com> - Rusty Russell <rusty@rustcorp.com.au> - Herbert Xu <herbert@gondor.apana.org.au> - David S. Miller <davem@davemloft.net> - AKASHI - " Takahiro <takahiro.akashi@linaro.org>\0" + "From\0zohar@linux.vnet.ibm.com (Mimi Zohar)\0" + "Subject\0[PATCH v5 17/18] ima: Implement support for module-style appended signatures\0" + "Date\0Tue, 31 Oct 2017 09:31:35 -0400\0" + "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "On Tue, 2017-10-17 at 22:53 -0200, Thiago Jung Bauermann wrote:\n" 
@@ -114,14 +97,14 @@ "> +\t\t *xattr_len_ != -ENODATA) {\n" "\n" "At this point, there was an appended signature verification failure.\n" - "\302\240If there isn't an xattr, for whatever reason, shouldn't we be\n" - "returning \"invalid_signature\" and \"INTEGRITY_FAIL\". \302\240If so, then the\n" + "?If there isn't an xattr, for whatever reason, shouldn't we be\n" + "returning \"invalid_signature\" and \"INTEGRITY_FAIL\". ?If so, then the\n" "above test could be simplified to check whether there is any data,\n" "like this:\n" "\n" "\tif ((inode->i_opflags & IOP_XATTR) && (*xattr_len_ > 0)) {\n" "\n" - "> +\t\t\tconst char *modsig_cause = rc = -EOPNOTSUPP ?\n" + "> +\t\t\tconst char *modsig_cause = rc == -EOPNOTSUPP ?\n" "> +\t\t\t\t\"unknown\" : \"invalid-signature\";\n" "\n" "This can then be cleaned up as well.\n" @@ -132,9 +115,9 @@ "> +\t\t\t\t\t filename, op, modsig_cause, rc, 0);\n" "\n" "I'm not sure that we want to audit intermediary signature verification\n" - "failures. \302\240Perhaps this audit message should be considered\n" + "failures. ?Perhaps this audit message should be considered\n" "\"additional\", meaning it is only emitted if the \"integrity_audit\" boot\n" - "command line option is enabled. \302\240Change the last field to 1 to\n" + "command line option is enabled. ?Change the last field to 1 to\n" "indicate it is an \"additional\" audit message.\n" "\n" "> +\n" @@ -152,7 +135,7 @@ "> +\t\t\t/* Unexpected error reading xattr. */\n" "> +\t\t\tstatus = INTEGRITY_UNKNOWN;\n" "> +\t\t} else {\n" - "> +\t\t\tif (rc = -EOPNOTSUPP)\n" + "> +\t\t\tif (rc == -EOPNOTSUPP)\n" "> +\t\t\t\tstatus = INTEGRITY_UNKNOWN;\n" "> +\t\t\telse {\n" "> +\t\t\t\tcause = \"invalid-signature\";\n" 
@@ -165,6 +148,11 @@ "\tcause = \"invalid-signature\";\n" "\tstatus = INTEGRITY_FAIL;\n" "\n" - Mimi + "Mimi\n" + "\n" + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -d9cd813fd61c907a6c910893afc7bcc346e53fb265497b4342d84165f2ac4e4d +ef2debc46b8eb1a76f22fd7253eb95201f6220d015bf9729bf3d8a92a0efc1b0