From: Serge Hallyn <serge.hallyn@canonical.com>
To: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Cc: zohar@linux.vnet.ibm.com, jmorris@namei.org,
rusty@rustcorp.com.au, dhowells@redhat.com,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [RFC v2 4/7] modsig: add integrity_module_check hook
Date: Wed, 15 Aug 2012 15:16:35 -0500 [thread overview]
Message-ID: <20120815201635.GB10088@amd1> (raw)
In-Reply-To: <68a6f647ca1d4429d6b781b6cfeed9c93a346c14.1345055639.git.dmitry.kasatkin@intel.com>
Quoting Dmitry Kasatkin (dmitry.kasatkin@intel.com):
> IMA measures/appraises modules when modprobe or insmod opens and read them.
> Unfortunately, there are no guarantees between what is read by userspace and
> what is passed to the kernel via load_module system call. This patch adds a
> hook called integrity_module_check() to verify the integrity of the module
> being loaded.
>
> Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
> ---
> include/linux/integrity.h | 10 ++++++++++
> kernel/module.c | 9 +++++++++
> 2 files changed, 19 insertions(+)
>
> diff --git a/include/linux/integrity.h b/include/linux/integrity.h
> index 66c5fe9..a80ec06 100644
> --- a/include/linux/integrity.h
> +++ b/include/linux/integrity.h
> @@ -37,4 +37,14 @@ static inline void integrity_inode_free(struct inode *inode)
> return;
> }
> #endif /* CONFIG_INTEGRITY_H */
> +
> +#ifdef CONFIG_INTEGRITY_MODULES
> +int integrity_module_check(const void *hdr, const unsigned long len);
sadly not bisect-safe, since integrity_module_check() is defined in
the next patch.
> +#else
> +static inline int integrity_module_check(const void *buf, unsigned long len)
> +{
> + return 0;
> +}
> +#endif
> +
> #endif /* _LINUX_INTEGRITY_H */
> diff --git a/kernel/module.c b/kernel/module.c
> index 4edbd9c..791da47 100644
> --- a/kernel/module.c
> +++ b/kernel/module.c
> @@ -58,6 +58,7 @@
> #include <linux/jump_label.h>
> #include <linux/pfn.h>
> #include <linux/bsearch.h>
> +#include <linux/integrity.h>
>
> #define CREATE_TRACE_POINTS
> #include <trace/events/module.h>
> @@ -2437,6 +2438,14 @@ static int copy_and_check(struct load_info *info,
>
> info->hdr = hdr;
> info->len = len;
> +
> + err = integrity_module_check(hdr, len);
> + if (err < 0)
> + goto free_hdr;
> +
> + /* cut signature tail */
> + info->len = err;
> +
> return 0;
>
> free_hdr:
> --
> 1.7.9.5
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2012-08-15 20:16 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-08-15 18:43 [RFC v2 0/7] modsig: signature based kernel module integrity verfication Dmitry Kasatkin
2012-08-15 18:43 ` [RFC v2 1/7] integrity: added digest calculation function Dmitry Kasatkin
2012-08-15 20:11 ` Serge Hallyn
2012-08-15 21:11 ` Kasatkin, Dmitry
2012-08-16 20:32 ` Kasatkin, Dmitry
2012-08-16 21:39 ` Serge Hallyn
2012-08-20 2:59 ` Rusty Russell
2012-08-22 16:38 ` Kasatkin, Dmitry
2012-08-15 18:43 ` [RFC v2 2/7] keys: initialize root uid and session keyrings early Dmitry Kasatkin
2012-08-16 18:26 ` Josh Boyer
2012-08-16 19:08 ` Mimi Zohar
2012-08-16 19:13 ` Josh Boyer
2012-08-16 19:45 ` Mimi Zohar
2012-08-16 19:59 ` Josh Boyer
2012-08-16 20:01 ` Mimi Zohar
2012-08-17 21:27 ` Eric W. Biederman
2012-08-15 18:43 ` [RFC v2 3/7] integrity: create and inititialize a keyring with builtin public key Dmitry Kasatkin
2012-08-16 18:37 ` Josh Boyer
2012-08-16 19:28 ` Mimi Zohar
2012-08-17 6:06 ` Kasatkin, Dmitry
2012-08-16 21:11 ` Kasatkin, Dmitry
2012-08-15 18:43 ` [RFC v2 4/7] modsig: add integrity_module_check hook Dmitry Kasatkin
2012-08-15 20:16 ` Serge Hallyn [this message]
2012-08-15 21:13 ` Kasatkin, Dmitry
2012-08-17 5:45 ` Kasatkin, Dmitry
2012-08-16 18:49 ` Josh Boyer
2012-08-16 19:56 ` Kasatkin, Dmitry
2012-09-03 23:06 ` Rusty Russell
2012-08-15 18:43 ` [RFC v2 5/7] modsig: verify module integrity based on signature Dmitry Kasatkin
2012-08-15 18:43 ` [RFC v2 6/7] modsig: initialize the _module public key keyring Dmitry Kasatkin
2012-08-16 18:54 ` Josh Boyer
2012-08-16 19:57 ` Mimi Zohar
2012-08-15 18:43 ` [RFC v2 7/7] modsig: build rules and scripts to generate keys and sign modules Dmitry Kasatkin
2012-08-16 19:10 ` Josh Boyer
2012-08-16 20:12 ` Kasatkin, Dmitry
2012-08-16 20:31 ` Josh Boyer
2012-08-16 21:04 ` Kasatkin, Dmitry
2012-08-17 0:53 ` Mimi Zohar
2012-08-17 11:40 ` Josh Boyer
2012-08-17 17:08 ` Mimi Zohar
2012-08-17 17:44 ` Josh Boyer
2012-08-17 17:52 ` Josh Boyer
2012-08-20 1:05 ` Mimi Zohar
2012-08-20 12:32 ` Josh Boyer
2012-08-20 13:13 ` Mimi Zohar
2012-08-20 14:23 ` Josh Boyer
2012-08-16 20:12 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120815201635.GB10088@amd1 \
--to=serge.hallyn@canonical.com \
--cc=dhowells@redhat.com \
--cc=dmitry.kasatkin@intel.com \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=rusty@rustcorp.com.au \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.