diff for duplicates of <87fud9yig8.fsf@linux.vnet.ibm.com> diff --git a/a/1.txt b/N1/1.txt index ab08240..70f36dc 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -65,7 +65,7 @@ the code so it may be worth it. I'll make that change in v4. >> + >> + status = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value_evm, >> + xattr_len_evm, iint); ->> + if (appraising_modsig && status = INTEGRITY_FAIL) { +>> + if (appraising_modsig && status == INTEGRITY_FAIL) { >> + cause = "invalid-HMAC"; >> + goto out; > @@ -98,18 +98,18 @@ below. What do you think? + + status = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value_evm, + xattr_len_evm, iint); -+ if (appraising_modsig && (status = INTEGRITY_NOLABEL -+ || status = INTEGRITY_NOXATTRS)) ++ if (appraising_modsig && (status == INTEGRITY_NOLABEL ++ || status == INTEGRITY_NOXATTRS)) + /* It's ok if there's no xattr in the case of modsig. */ + ; + else if (status != INTEGRITY_PASS && status != INTEGRITY_UNKNOWN) { - if ((status = INTEGRITY_NOLABEL) - || (status = INTEGRITY_NOXATTRS)) + if ((status == INTEGRITY_NOLABEL) + || (status == INTEGRITY_NOXATTRS)) cause = "missing-HMAC"; >> + } else if (status != INTEGRITY_PASS && status != INTEGRITY_UNKNOWN) { ->> if ((status = INTEGRITY_NOLABEL) ->> || (status = INTEGRITY_NOXATTRS)) +>> if ((status == INTEGRITY_NOLABEL) +>> || (status == INTEGRITY_NOXATTRS)) >> cause = "missing-HMAC"; >> @@ -281,6 +319,43 @@ int ima_appraise_measurement(enum ima_hooks func, >> status = INTEGRITY_PASS; diff --git a/a/content_digest b/N1/content_digest index f8a1d48..0613607 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -3,7 +3,7 @@ "ref\01501424988.9230.67.camel@linux.vnet.ibm.com\0" "From\0Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>\0" "Subject\0Re: [PATCH v3 7/7] ima: Support module-style appended signatures for appraisal\0" - "Date\0Wed, 02 Aug 2017 17:42:47 +0000\0" + "Date\0Wed, 02 Aug 2017 14:42:47 -0300\0" "To\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" "Cc\0linux-security-module@vger.kernel.org" linux-ima-devel@lists.sourceforge.net @@ -20,7 +20,7 @@ Rusty Russell <rusty@rustcorp.com.au> Herbert Xu <herbert@gondor.apana.org.au> David S. Miller <davem@davemloft.net> - AKASHI + " AKASHI\\" " Takahiro <takahiro.akashi@linaro.org>\0" "\00:1\0" "b\0" @@ -91,7 +91,7 @@ ">> +\n" ">> +\tstatus = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value_evm,\n" ">> +\t\t\t\t xattr_len_evm, iint);\n" - ">> +\tif (appraising_modsig && status = INTEGRITY_FAIL) {\n" + ">> +\tif (appraising_modsig && status == INTEGRITY_FAIL) {\n" ">> +\t\tcause = \"invalid-HMAC\";\n" ">> +\t\tgoto out;\n" ">\n" @@ -124,18 +124,18 @@ "+\n" "+\tstatus = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value_evm,\n" "+\t\t\t\t xattr_len_evm, iint);\n" - "+\tif (appraising_modsig && (status = INTEGRITY_NOLABEL\n" - "+\t\t\t\t || status = INTEGRITY_NOXATTRS))\n" + "+\tif (appraising_modsig && (status == INTEGRITY_NOLABEL\n" + "+\t\t\t\t || status == INTEGRITY_NOXATTRS))\n" "+\t\t/* It's ok if there's no xattr in the case of modsig. */\n" "+\t\t;\n" "+\telse if (status != INTEGRITY_PASS && status != INTEGRITY_UNKNOWN) {\n" - " \t\tif ((status = INTEGRITY_NOLABEL)\n" - " \t\t || (status = INTEGRITY_NOXATTRS))\n" + " \t\tif ((status == INTEGRITY_NOLABEL)\n" + " \t\t || (status == INTEGRITY_NOXATTRS))\n" " \t\t\tcause = \"missing-HMAC\";\n" "\n" ">> +\t} else if (status != INTEGRITY_PASS && status != INTEGRITY_UNKNOWN) {\n" - ">> \t\tif ((status = INTEGRITY_NOLABEL)\n" - ">> \t\t || (status = INTEGRITY_NOXATTRS))\n" + ">> \t\tif ((status == INTEGRITY_NOLABEL)\n" + ">> \t\t || (status == INTEGRITY_NOXATTRS))\n" ">> \t\t\tcause = \"missing-HMAC\";\n" ">> @@ -281,6 +319,43 @@ int ima_appraise_measurement(enum ima_hooks func,\n" ">> \t\t\tstatus = INTEGRITY_PASS;\n" @@ -226,4 +226,4 @@ "Thiago Jung Bauermann\n" IBM Linux Technology Center -5e93d24a3dfa8616f9b5e0a9618c2c43f13bcccf45f22e45d09c3d84635f3c3e +4ebd71b2065ae318b77a81fd45575272c4c0134e66909d6734f65853445c822d
diff --git a/a/1.txt b/N2/1.txt index ab08240..30e6f22 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -65,7 +65,7 @@ the code so it may be worth it. I'll make that change in v4. >> + >> + status = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value_evm, >> + xattr_len_evm, iint); ->> + if (appraising_modsig && status = INTEGRITY_FAIL) { +>> + if (appraising_modsig && status == INTEGRITY_FAIL) { >> + cause = "invalid-HMAC"; >> + goto out; > @@ -98,18 +98,18 @@ below. What do you think? + + status = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value_evm, + xattr_len_evm, iint); -+ if (appraising_modsig && (status = INTEGRITY_NOLABEL -+ || status = INTEGRITY_NOXATTRS)) ++ if (appraising_modsig && (status == INTEGRITY_NOLABEL ++ || status == INTEGRITY_NOXATTRS)) + /* It's ok if there's no xattr in the case of modsig. */ + ; + else if (status != INTEGRITY_PASS && status != INTEGRITY_UNKNOWN) { - if ((status = INTEGRITY_NOLABEL) - || (status = INTEGRITY_NOXATTRS)) + if ((status == INTEGRITY_NOLABEL) + || (status == INTEGRITY_NOXATTRS)) cause = "missing-HMAC"; >> + } else if (status != INTEGRITY_PASS && status != INTEGRITY_UNKNOWN) { ->> if ((status = INTEGRITY_NOLABEL) ->> || (status = INTEGRITY_NOXATTRS)) +>> if ((status == INTEGRITY_NOLABEL) +>> || (status == INTEGRITY_NOXATTRS)) >> cause = "missing-HMAC"; >> @@ -281,6 +319,43 @@ int ima_appraise_measurement(enum ima_hooks func, >> status = INTEGRITY_PASS; @@ -199,3 +199,8 @@ seem to be saying that is just an optimization and can be skipped. -- Thiago Jung Bauermann IBM Linux Technology Center + +-- +To unsubscribe from this list: send the line "unsubscribe linux-security-module" in +the body of a message to majordomo at vger.kernel.org +More majordomo info@ http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N2/content_digest index f8a1d48..ffb43bb 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -1,27 +1,10 @@ "ref\020170706221753.17380-1-bauerman@linux.vnet.ibm.com\0" "ref\020170706221753.17380-8-bauerman@linux.vnet.ibm.com\0" "ref\01501424988.9230.67.camel@linux.vnet.ibm.com\0" - "From\0Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>\0" - "Subject\0Re: [PATCH v3 7/7] ima: Support module-style appended signatures for appraisal\0" - "Date\0Wed, 02 Aug 2017 17:42:47 +0000\0" - "To\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" - "Cc\0linux-security-module@vger.kernel.org" - linux-ima-devel@lists.sourceforge.net - keyrings@vger.kernel.org - linux-crypto@vger.kernel.org - linuxppc-dev@lists.ozlabs.org - linux-kernel@vger.kernel.org - Dmitry Kasatkin <dmitry.kasatkin@gmail.com> - James Morris <james.l.morris@oracle.com> - Serge E. Hallyn <serge@hallyn.com> - David Howells <dhowells@redhat.com> - David Woodhouse <dwmw2@infradead.org> - Jessica Yu <jeyu@redhat.com> - Rusty Russell <rusty@rustcorp.com.au> - Herbert Xu <herbert@gondor.apana.org.au> - David S. Miller <davem@davemloft.net> - AKASHI - " Takahiro <takahiro.akashi@linaro.org>\0" + "From\0bauerman@linux.vnet.ibm.com (Thiago Jung Bauermann)\0" + "Subject\0[PATCH v3 7/7] ima: Support module-style appended signatures for appraisal\0" + "Date\0Wed, 02 Aug 2017 14:42:47 -0300\0" + "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "\n" @@ -91,7 +74,7 @@ ">> +\n" ">> +\tstatus = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value_evm,\n" ">> +\t\t\t\t xattr_len_evm, iint);\n" - ">> +\tif (appraising_modsig && status = INTEGRITY_FAIL) {\n" + ">> +\tif (appraising_modsig && status == INTEGRITY_FAIL) {\n" ">> +\t\tcause = \"invalid-HMAC\";\n" ">> +\t\tgoto out;\n" ">\n" @@ -124,18 +107,18 @@ "+\n" "+\tstatus = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value_evm,\n" "+\t\t\t\t xattr_len_evm, iint);\n" - "+\tif (appraising_modsig && (status = INTEGRITY_NOLABEL\n" - "+\t\t\t\t || status = INTEGRITY_NOXATTRS))\n" + "+\tif (appraising_modsig && (status == INTEGRITY_NOLABEL\n" + "+\t\t\t\t || status == INTEGRITY_NOXATTRS))\n" "+\t\t/* It's ok if there's no xattr in the case of modsig. */\n" "+\t\t;\n" "+\telse if (status != INTEGRITY_PASS && status != INTEGRITY_UNKNOWN) {\n" - " \t\tif ((status = INTEGRITY_NOLABEL)\n" - " \t\t || (status = INTEGRITY_NOXATTRS))\n" + " \t\tif ((status == INTEGRITY_NOLABEL)\n" + " \t\t || (status == INTEGRITY_NOXATTRS))\n" " \t\t\tcause = \"missing-HMAC\";\n" "\n" ">> +\t} else if (status != INTEGRITY_PASS && status != INTEGRITY_UNKNOWN) {\n" - ">> \t\tif ((status = INTEGRITY_NOLABEL)\n" - ">> \t\t || (status = INTEGRITY_NOXATTRS))\n" + ">> \t\tif ((status == INTEGRITY_NOLABEL)\n" + ">> \t\t || (status == INTEGRITY_NOXATTRS))\n" ">> \t\t\tcause = \"missing-HMAC\";\n" ">> @@ -281,6 +319,43 @@ int ima_appraise_measurement(enum ima_hooks func,\n" ">> \t\t\tstatus = INTEGRITY_PASS;\n" @@ -224,6 +207,11 @@ "\n" "-- \n" "Thiago Jung Bauermann\n" - IBM Linux Technology Center + "IBM Linux Technology Center\n" + "\n" + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" + More majordomo info@ http://vger.kernel.org/majordomo-info.html -5e93d24a3dfa8616f9b5e0a9618c2c43f13bcccf45f22e45d09c3d84635f3c3e +e41cfab9d4a1171faaf1af2ec7b79d85b2ada921d62350d1b25ef1482f9fbbd7
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.