Re: [PATCH 1/3 v5] add a new ima hook and policy to measure the cmdline

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Mimi Zohar <zohar@linux.ibm.com>
To: Prakhar Srivastava <prsriva02@gmail.com>,
	linux-integrity@vger.kernel.org,
	inux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org
Cc: ebiederm@xmission.com, vgoyal@redhat.com, prsriva@microsoft.com
Subject: Re: [PATCH 1/3 v5] add a new ima hook and policy to measure the cmdline
Date: Mon, 13 May 2019 12:56:32 -0400	[thread overview]
Message-ID: <1557766592.4969.22.camel@linux.ibm.com> (raw)
In-Reply-To: <20190510223744.10154-2-prsriva02@gmail.com>

On Fri, 2019-05-10 at 15:37 -0700, Prakhar Srivastava wrote:

> +/*
> + * process_buffer_measurement - Measure the buffer passed to ima log.

"passed to ima log" is unnecessary.

> + * (Instead of using the file hash use the buffer hash).

This comment, if needed, belongs in the text description area below,
not here.

> + * @buf - The buffer that needs to be added to the log
> + * @size - size of buffer(in bytes)
> + * @eventname - event name to be used for buffer.

Missing are the other fields.

> + *
> + * The buffer passed is added to the ima log.
> + *
> + * On success return 0.
> + * On error cases surface errors from ima calls.

Only IMA-appraise returns errors to the caller.  There's no point in
returning an error.


> + */
> +static int process_buffer_measurement(const void *buf, int size,
> +				const char *eventname, const struct cred *cred,
> +				u32 secid)

This should be "static void".

> +{
> +	int ret = 0;
> +	struct ima_template_entry *entry = NULL;
> +	struct integrity_iint_cache tmp_iint, *iint = &tmp_iint;
> +	struct ima_event_data event_data = {iint, NULL, NULL,
> +						NULL, 0, NULL};
> +	struct {
> +		struct ima_digest_data hdr;
> +		char digest[IMA_MAX_DIGEST_SIZE];
> +	} hash;
> +	int violation = 0;
> +	int pcr = CONFIG_IMA_MEASURE_PCR_IDX;
> +	int action = 0;
> +
> +	action = ima_get_action(NULL, cred, secid, 0, KEXEC_CMDLINE, &pcr);
> +	if (!(action & IMA_AUDIT) && !(action & IMA_MEASURE))
> +		goto out;
> +
> +	memset(iint, 0, sizeof(*iint));
> +	memset(&hash, 0, sizeof(hash));
> +
> +	event_data.filename = eventname;
> +
> +	iint->ima_hash = &hash.hdr;
> +	iint->ima_hash->algo = ima_hash_algo;
> +	iint->ima_hash->length = hash_digest_size[ima_hash_algo];
> +
> +	ret = ima_calc_buffer_hash(buf, size, iint->ima_hash);
> +	if (ret < 0)
> +		goto out;
> +
> +	ret = ima_alloc_init_template(&event_data, &entry);
> +	if (ret < 0)
> +		goto out;
> +
> +	if (action & IMA_MEASURE)
> +		ret = ima_store_template(entry, violation, NULL, buf, pcr);
> +
> +	if (action & IMA_AUDIT)
> +		ima_audit_measurement(iint, event_data.filename);

The cover letter and patch description say this patch set is limited
to measuring the boot command line - IMA-measurement.
 ima_audit_measurement() adds file hashes in the audit log, which can
be used for security analytics and/or forensics.  This is part of IMA-
audit.  The call to ima_audit_measurement() is inappropriate.

Mimi


> +
> +	if (ret < 0) {
> +		ima_free_template_entry(entry);
> +		goto out;
> +	}
> +
> +out:
> +	return ret;
> +}
> +

next prev parent reply	other threads:[~2019-05-13 16:56 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-05-10 22:37 [PATCH 0/3 v5] Kexec cmdline bufffer measure Prakhar Srivastava
2019-05-10 22:37 ` [PATCH 1/3 v5] add a new ima hook and policy to measure the cmdline Prakhar Srivastava
2019-05-13 16:56   ` Mimi Zohar [this message]
2019-05-14  4:53     ` prakhar srivastava
2019-05-14 14:36       ` Mimi Zohar
2019-05-10 22:37 ` [PATCH 2/3 v5] add a new template field buf to contain the buffer Prakhar Srivastava
2019-05-13 13:48   ` Roberto Sassu
2019-05-14  5:07     ` prakhar srivastava
2019-05-14 13:22       ` Roberto Sassu
2019-05-17 23:32         ` prakhar srivastava
2019-05-20 12:18           ` Roberto Sassu
2019-05-10 22:37 ` [PATCH 3/3 v5] call ima_kexec_cmdline from kexec_file_load path Prakhar Srivastava
2019-05-14 14:46   ` Mimi Zohar
  -- strict thread matches above, loose matches on Subject: below --
2019-05-10 22:32 [PATCH 0/3 v5] Kexec cmdline bufffer measure Prakhar Srivastava
2019-05-10 22:32 ` [PATCH 1/3 v5] add a new ima hook and policy to measure the cmdline Prakhar Srivastava

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1557766592.4969.22.camel@linux.ibm.com \
    --to=zohar@linux.ibm.com \
    --cc=ebiederm@xmission.com \
    --cc=inux-security-module@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=prsriva02@gmail.com \
    --cc=prsriva@microsoft.com \
    --cc=vgoyal@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.