From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: "Serge E. Hallyn" <serge@hallyn.com>
Cc: linux-security-module@vger.kernel.org,
Dmitry Kasatkin <dmitry.kasatkin@nokia.com>,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
James Morris <jmorris@namei.org>,
David Safford <safford@watson.ibm.com>,
Andrew Morton <akpm@linux-foundation.org>,
Greg KH <greg@kroah.com>,
Dmitry Kasatkin <dmitry.s.kasatkin@gmail.com>,
Mimi Zohar <zohar@us.ibm.com>
Subject: Re: [PATCH v6 04/20] evm: add support for different security.evm data types
Date: Fri, 03 Jun 2011 08:31:56 -0400 [thread overview]
Message-ID: <1307104316.3137.4.camel@localhost.localdomain> (raw)
In-Reply-To: <20110602225005.GB23700@mail.hallyn.com>
On Thu, 2011-06-02 at 17:50 -0500, Serge E. Hallyn wrote:
> Quoting Mimi Zohar (zohar@linux.vnet.ibm.com):
> > From: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
> >
> > EVM protects a file's security extended attributes(xattrs) against integrity
> > attacks. The current patchset maintains an HMAC-sha1 value across the security
> > xattrs, storing the value as the extended attribute 'security.evm'. We
> > anticipate other methods for protecting the security extended attributes.
> > This patch reserves the first byte of 'security.evm' as a place holder for
> > the type of method.
> >
> > Changelog v6:
> > - move evm_ima_xattr_type definition to security/integrity/integrity.h
> > - defined a structure for the EVM xattr called evm_ima_xattr_data
> > (based on Serge Hallyn's suggestion)
> >
> > Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
> > Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
> > ---
> > include/linux/integrity.h | 1 +
> > security/integrity/evm/evm_crypto.c | 11 +++++++----
> > security/integrity/evm/evm_main.c | 10 +++++-----
> > security/integrity/integrity.h | 11 +++++++++++
> > 4 files changed, 24 insertions(+), 9 deletions(-)
> >
> > diff --git a/include/linux/integrity.h b/include/linux/integrity.h
> > index e715a2a..9684433 100644
> > --- a/include/linux/integrity.h
> > +++ b/include/linux/integrity.h
> > @@ -19,6 +19,7 @@ enum integrity_status {
> > INTEGRITY_UNKNOWN,
> > };
> >
> > +/* List of EVM protected security xattrs */
> > #ifdef CONFIG_INTEGRITY
> > extern int integrity_inode_alloc(struct inode *inode);
> > extern void integrity_inode_free(struct inode *inode);
> > diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
> > index d49bb00..c631b99 100644
> > --- a/security/integrity/evm/evm_crypto.c
> > +++ b/security/integrity/evm/evm_crypto.c
> > @@ -141,14 +141,17 @@ int evm_update_evmxattr(struct dentry *dentry, const char *xattr_name,
> > const char *xattr_value, size_t xattr_value_len)
> > {
> > struct inode *inode = dentry->d_inode;
> > - u8 hmac[SHA1_DIGEST_SIZE];
> > + struct evm_ima_xattr_data xattr_data;
> > int rc = 0;
> >
> > rc = evm_calc_hmac(dentry, xattr_name, xattr_value,
> > - xattr_value_len, hmac);
> > - if (rc == 0)
> > + xattr_value_len, xattr_data.digest);
> > + if (rc == 0) {
> > + xattr_data.type = EVM_XATTR_HMAC;
> > rc = __vfs_setxattr_noperm(dentry, XATTR_NAME_EVM,
> > - hmac, SHA1_DIGEST_SIZE, 0);
> > + &xattr_data,
> > + sizeof(xattr_data), 0);
> > + }
> > else if (rc == -ENODATA)
> > rc = inode->i_op->removexattr(dentry, XATTR_NAME_EVM);
> > return rc;
> > diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
> > index a8fa45f..c0580dd1 100644
> > --- a/security/integrity/evm/evm_main.c
> > +++ b/security/integrity/evm/evm_main.c
> > @@ -51,20 +51,20 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
> > size_t xattr_value_len,
> > struct integrity_iint_cache *iint)
> > {
> > - char hmac_val[SHA1_DIGEST_SIZE];
> > + struct evm_ima_xattr_data xattr_data;
> > int rc;
> >
> > if (iint->hmac_status != INTEGRITY_UNKNOWN)
> > return iint->hmac_status;
> >
> > - memset(hmac_val, 0, sizeof hmac_val);
>
> Why did you drop the memset here?
>
> (You didn't in the previous version of this patch)
Based on a discussion with Dmitry, neither the crypto nor the logic need
it initialized. Forgot to add it to the changelog. :-(
> Otherwise, looks good.
>
> Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Thanks!
> > rc = evm_calc_hmac(dentry, xattr_name, xattr_value,
> > - xattr_value_len, hmac_val);
> > + xattr_value_len, xattr_data.digest);
> > if (rc < 0)
> > return INTEGRITY_UNKNOWN;
> >
> > - rc = vfs_xattr_cmp(dentry, XATTR_NAME_EVM, hmac_val, sizeof hmac_val,
> > - GFP_NOFS);
> > + xattr_data.type = EVM_XATTR_HMAC;
> > + rc = vfs_xattr_cmp(dentry, XATTR_NAME_EVM, (u8 *)&xattr_data,
> > + sizeof xattr_data, GFP_NOFS);
> > if (rc < 0)
> > goto err_out;
> > iint->hmac_status = INTEGRITY_PASS;
> > diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
> > index 397a46b..7efbf56 100644
> > --- a/security/integrity/integrity.h
> > +++ b/security/integrity/integrity.h
> > @@ -18,6 +18,17 @@
> > /* iint cache flags */
> > #define IMA_MEASURED 0x01
> >
> > +enum evm_ima_xattr_type {
> > + IMA_XATTR_DIGEST = 0x01,
> > + EVM_XATTR_HMAC,
> > + EVM_IMA_XATTR_DIGSIG,
> > +};
> > +
> > +struct evm_ima_xattr_data {
> > + u8 type;
> > + u8 digest[SHA1_DIGEST_SIZE];
> > +} __attribute__((packed));
> > +
> > /* integrity data associated with an inode */
> > struct integrity_iint_cache {
> > struct rb_node rb_node; /* rooted in integrity_iint_tree */
> > --
> > 1.7.3.4
> >
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
> > Please read the FAQ at http://www.tux.org/lkml/
> --
> To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2011-06-03 12:31 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-02 12:23 [PATCH v6 00/20] EVM Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 01/20] integrity: move ima inode integrity data management Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 02/20] xattr: define vfs_getxattr_alloc and vfs_xattr_cmp Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 03/20] evm: re-release Mimi Zohar
2011-06-02 22:38 ` Serge E. Hallyn
2011-06-02 12:23 ` [PATCH v6 04/20] evm: add support for different security.evm data types Mimi Zohar
2011-06-02 22:50 ` Serge E. Hallyn
2011-06-03 12:31 ` Mimi Zohar [this message]
2011-06-02 12:23 ` [PATCH v6 05/20] security: imbed evm calls in security hooks Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 06/20] evm: evm_inode_post_removexattr Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 07/20] evm: imbed evm_inode_post_setattr Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 08/20] evm: evm_inode_post_init Mimi Zohar
2011-06-03 2:21 ` Dave Chinner
2011-06-03 5:06 ` Mimi Zohar
2011-06-04 23:50 ` Dave Chinner
2011-06-05 2:46 ` Mimi Zohar
2011-06-07 15:56 ` Casey Schaufler
2011-06-02 12:23 ` [PATCH v6 09/20] fs: add evm_inode_post_init calls Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 10/20] evm: crypto hash replaced by shash Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 11/20] evm: add evm_inode_post_init call in btrfs Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 12/20] evm: add evm_inode_post_init call in gfs2 Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 13/20] evm: add evm_inode_post_init call in jffs2 Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 14/20] evm: add evm_inode_post_init call in jfs Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 15/20] evm: add evm_inode_post_init call in xfs Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 16/20] evm: additional parameter to pass integrity cache entry 'iint' Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 17/20] evm: evm_verify_hmac must not return INTEGRITY_UNKNOWN Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 18/20] evm: replace hmac_status with evm_status Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 19/20] evm: permit only valid security.evm xattrs to be updated Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 20/20] evm: add evm_inode_setattr to prevent updating an invalid security.evm Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1307104316.3137.4.camel@localhost.localdomain \
--to=zohar@linux.vnet.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=dmitry.kasatkin@nokia.com \
--cc=dmitry.s.kasatkin@gmail.com \
--cc=greg@kroah.com \
--cc=jmorris@namei.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=safford@watson.ibm.com \
--cc=serge@hallyn.com \
--cc=zohar@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).