From: Mimi Zohar <zohar@linux.ibm.com>
To: Thiago Jung Bauermann <bauerman@linux.ibm.com>,
linux-integrity@vger.kernel.org
Cc: linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
linux-crypto@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
David Howells <dhowells@redhat.com>,
David Woodhouse <dwmw2@infradead.org>,
Jessica Yu <jeyu@kernel.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
Jonathan Corbet <corbet@lwn.net>,
"AKASHI, Takahiro" <takahiro.akashi@linaro.org>
Subject: Re: [PATCH v10 12/12] ima: Store the measurement again when appraising a modsig
Date: Tue, 28 May 2019 14:09:20 +0000 [thread overview]
Message-ID: <1559052560.4090.14.camel@linux.ibm.com> (raw)
In-Reply-To: <20190418035120.2354-13-bauerman@linux.ibm.com>
Hi Thiago,
On Thu, 2019-04-18 at 00:51 -0300, Thiago Jung Bauermann wrote:
> If the IMA template contains the "modsig" or "d-modsig" field, then the
> modsig should be added to the measurement list when the file is appraised.
>
> And that is what normally happens, but if a measurement rule caused a file
> containing a modsig to be measured before a different rule causes it to be
> appraised, the resulting measurement entry will not contain the modsig
> because it is only fetched during appraisal. When the appraisal rule
> triggers, it won't store a new measurement containing the modsig because
> the file was already measured.
>
> We need to detect that situation and store an additional measurement with
> the modsig. This is done by adding an IMA_MEASURE action flag if we read a
> modsig and the IMA template contains a modsig field.
With the new per policy rule "template" support being added, this
patch needs to be modified so that the per policy "template" format is
checked.  ima_template_has_modsig() should be called with the
template_desc being used.
thanks,
Mimi
> diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
> index 8e6475854351..f91ed4189f98 100644
> --- a/security/integrity/ima/ima_main.c
> +++ b/security/integrity/ima/ima_main.c
> @@ -282,9 +282,17 @@ static int process_measurement(struct file *file, const struct cred *cred,
> /* read 'security.ima' */
> xattr_len = ima_read_xattr(file_dentry(file), &xattr_value);
>
> - /* Read the appended modsig if allowed by the policy. */
> - if (iint->flags & IMA_MODSIG_ALLOWED)
> - ima_read_modsig(func, buf, size, &modsig);
> + /*
> + * Read the appended modsig, if allowed by the policy, and allow
> + * an additional measurement list entry, if needed, based on the
> + * template format.
> + */
> + if (iint->flags & IMA_MODSIG_ALLOWED) {
> + rc = ima_read_modsig(func, buf, size, &modsig);
> +
> + if (!rc && ima_template_has_modsig())
> + action |= IMA_MEASURE;
> + }
>
WARNING: multiple messages have this Message-ID (diff)
From: Mimi Zohar <zohar@linux.ibm.com>
To: Thiago Jung Bauermann <bauerman@linux.ibm.com>,
linux-integrity@vger.kernel.org
Cc: linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
linux-crypto@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
David Howells <dhowells@redhat.com>,
David Woodhouse <dwmw2@infradead.org>,
Jessica Yu <jeyu@kernel.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
Jonathan Corbet <corbet@lwn.net>,
"AKASHI, Takahiro" <takahiro.akashi@linaro.org>
Subject: Re: [PATCH v10 12/12] ima: Store the measurement again when appraising a modsig
Date: Tue, 28 May 2019 10:09:20 -0400 [thread overview]
Message-ID: <1559052560.4090.14.camel@linux.ibm.com> (raw)
In-Reply-To: <20190418035120.2354-13-bauerman@linux.ibm.com>
Hi Thiago,
On Thu, 2019-04-18 at 00:51 -0300, Thiago Jung Bauermann wrote:
> If the IMA template contains the "modsig" or "d-modsig" field, then the
> modsig should be added to the measurement list when the file is appraised.
>
> And that is what normally happens, but if a measurement rule caused a file
> containing a modsig to be measured before a different rule causes it to be
> appraised, the resulting measurement entry will not contain the modsig
> because it is only fetched during appraisal. When the appraisal rule
> triggers, it won't store a new measurement containing the modsig because
> the file was already measured.
>
> We need to detect that situation and store an additional measurement with
> the modsig. This is done by adding an IMA_MEASURE action flag if we read a
> modsig and the IMA template contains a modsig field.
With the new per policy rule "template" support being added, this
patch needs to be modified so that the per policy "template" format is
checked. ima_template_has_modsig() should be called with the
template_desc being used.
thanks,
Mimi
> diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
> index 8e6475854351..f91ed4189f98 100644
> --- a/security/integrity/ima/ima_main.c
> +++ b/security/integrity/ima/ima_main.c
> @@ -282,9 +282,17 @@ static int process_measurement(struct file *file, const struct cred *cred,
> /* read 'security.ima' */
> xattr_len = ima_read_xattr(file_dentry(file), &xattr_value);
>
> - /* Read the appended modsig if allowed by the policy. */
> - if (iint->flags & IMA_MODSIG_ALLOWED)
> - ima_read_modsig(func, buf, size, &modsig);
> + /*
> + * Read the appended modsig, if allowed by the policy, and allow
> + * an additional measurement list entry, if needed, based on the
> + * template format.
> + */
> + if (iint->flags & IMA_MODSIG_ALLOWED) {
> + rc = ima_read_modsig(func, buf, size, &modsig);
> +
> + if (!rc && ima_template_has_modsig())
> + action |= IMA_MEASURE;
> + }
>
WARNING: multiple messages have this Message-ID (diff)
From: Mimi Zohar <zohar@linux.ibm.com>
To: Thiago Jung Bauermann <bauerman@linux.ibm.com>,
linux-integrity@vger.kernel.org
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
linux-doc@vger.kernel.org,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
"David S. Miller" <davem@davemloft.net>,
Jonathan Corbet <corbet@lwn.net>,
linux-kernel@vger.kernel.org, James Morris <jmorris@namei.org>,
David Howells <dhowells@redhat.com>,
"AKASHI, Takahiro" <takahiro.akashi@linaro.org>,
linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
linux-crypto@vger.kernel.org, Jessica Yu <jeyu@kernel.org>,
linuxppc-dev@lists.ozlabs.org,
David Woodhouse <dwmw2@infradead.org>,
"Serge E. Hallyn" <serge@hallyn.com>
Subject: Re: [PATCH v10 12/12] ima: Store the measurement again when appraising a modsig
Date: Tue, 28 May 2019 10:09:20 -0400 [thread overview]
Message-ID: <1559052560.4090.14.camel@linux.ibm.com> (raw)
In-Reply-To: <20190418035120.2354-13-bauerman@linux.ibm.com>
Hi Thiago,
On Thu, 2019-04-18 at 00:51 -0300, Thiago Jung Bauermann wrote:
> If the IMA template contains the "modsig" or "d-modsig" field, then the
> modsig should be added to the measurement list when the file is appraised.
>
> And that is what normally happens, but if a measurement rule caused a file
> containing a modsig to be measured before a different rule causes it to be
> appraised, the resulting measurement entry will not contain the modsig
> because it is only fetched during appraisal. When the appraisal rule
> triggers, it won't store a new measurement containing the modsig because
> the file was already measured.
>
> We need to detect that situation and store an additional measurement with
> the modsig. This is done by adding an IMA_MEASURE action flag if we read a
> modsig and the IMA template contains a modsig field.
With the new per policy rule "template" support being added, this
patch needs to be modified so that the per policy "template" format is
checked. ima_template_has_modsig() should be called with the
template_desc being used.
thanks,
Mimi
> diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
> index 8e6475854351..f91ed4189f98 100644
> --- a/security/integrity/ima/ima_main.c
> +++ b/security/integrity/ima/ima_main.c
> @@ -282,9 +282,17 @@ static int process_measurement(struct file *file, const struct cred *cred,
> /* read 'security.ima' */
> xattr_len = ima_read_xattr(file_dentry(file), &xattr_value);
>
> - /* Read the appended modsig if allowed by the policy. */
> - if (iint->flags & IMA_MODSIG_ALLOWED)
> - ima_read_modsig(func, buf, size, &modsig);
> + /*
> + * Read the appended modsig, if allowed by the policy, and allow
> + * an additional measurement list entry, if needed, based on the
> + * template format.
> + */
> + if (iint->flags & IMA_MODSIG_ALLOWED) {
> + rc = ima_read_modsig(func, buf, size, &modsig);
> +
> + if (!rc && ima_template_has_modsig())
> + action |= IMA_MEASURE;
> + }
>
next prev parent reply other threads:[~2019-05-28 14:09 UTC|newest]
Thread overview: 84+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-18 3:51 [PATCH v10 00/12] Appended signatures support for IMA appraisal Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` [PATCH v10 01/12] MODSIGN: Export module signature definitions Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-05-09 15:42 ` Mimi Zohar
2019-05-09 15:42 ` Mimi Zohar
2019-05-09 15:42 ` Mimi Zohar
2019-05-28 19:03 ` Thiago Jung Bauermann
2019-05-28 19:03 ` Thiago Jung Bauermann
2019-05-28 19:03 ` Thiago Jung Bauermann
2019-04-18 3:51 ` [PATCH v10 02/12] PKCS#7: Refactor verify_pkcs7_signature() Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-05-09 15:42 ` Mimi Zohar
2019-05-09 15:42 ` Mimi Zohar
2019-05-09 15:42 ` Mimi Zohar
2019-04-18 3:51 ` [PATCH v10 03/12] PKCS#7: Introduce pkcs7_get_digest() Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-05-09 15:42 ` Mimi Zohar
2019-05-09 15:42 ` Mimi Zohar
2019-05-09 15:42 ` Mimi Zohar
2019-04-18 3:51 ` [PATCH v10 04/12] integrity: Introduce struct evm_xattr Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` [PATCH v10 05/12] integrity: Select CONFIG_KEYS instead of depending on it Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` [PATCH v10 06/12] ima: Use designated initializers for struct ima_event_data Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-05-09 15:46 ` Mimi Zohar
2019-05-09 15:46 ` Mimi Zohar
2019-05-09 15:46 ` Mimi Zohar
2019-04-18 3:51 ` [PATCH v10 07/12] ima: Add modsig appraise_type option for module-style appended signatures Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` [PATCH v10 08/12] ima: Factor xattr_verify() out of ima_appraise_measurement() Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-05-09 15:53 ` Mimi Zohar
2019-05-09 15:53 ` Mimi Zohar
2019-05-09 15:53 ` Mimi Zohar
2019-04-18 3:51 ` [PATCH v10 09/12] ima: Implement support for module-style appended signatures Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-05-09 23:01 ` Mimi Zohar
2019-05-09 23:01 ` Mimi Zohar
2019-05-09 23:01 ` Mimi Zohar
2019-05-28 19:23 ` Thiago Jung Bauermann
2019-05-28 19:23 ` Thiago Jung Bauermann
2019-05-28 19:23 ` Thiago Jung Bauermann
2019-05-28 20:06 ` Mimi Zohar
2019-05-28 20:06 ` Mimi Zohar
2019-05-28 20:06 ` Mimi Zohar
2019-05-14 12:09 ` Mimi Zohar
2019-05-14 12:09 ` Mimi Zohar
2019-05-14 12:09 ` Mimi Zohar
2019-05-28 19:27 ` Thiago Jung Bauermann
2019-05-28 19:27 ` Thiago Jung Bauermann
2019-05-28 19:27 ` Thiago Jung Bauermann
2019-04-18 3:51 ` [PATCH v10 10/12] ima: Collect modsig Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` [PATCH v10 11/12] ima: Define ima-modsig template Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-05-09 23:01 ` Mimi Zohar
2019-05-09 23:01 ` Mimi Zohar
2019-05-09 23:01 ` Mimi Zohar
2019-05-28 19:09 ` Thiago Jung Bauermann
2019-05-28 19:09 ` Thiago Jung Bauermann
2019-05-28 19:09 ` Thiago Jung Bauermann
2019-04-18 3:51 ` [PATCH v10 12/12] ima: Store the measurement again when appraising a modsig Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-05-28 14:09 ` Mimi Zohar [this message]
2019-05-28 14:09 ` Mimi Zohar
2019-05-28 14:09 ` Mimi Zohar
2019-05-28 19:14 ` Thiago Jung Bauermann
2019-05-28 19:14 ` Thiago Jung Bauermann
2019-05-28 19:14 ` Thiago Jung Bauermann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1559052560.4090.14.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=bauerman@linux.ibm.com \
--cc=corbet@lwn.net \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=dwmw2@infradead.org \
--cc=herbert@gondor.apana.org.au \
--cc=jeyu@kernel.org \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=serge@hallyn.com \
--cc=takahiro.akashi@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.