From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:60856 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752933AbeBENln (ORCPT ); Mon, 5 Feb 2018 08:41:43 -0500 Received: from pps.filterd (m0098410.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w15DejYR019121 for ; Mon, 5 Feb 2018 08:41:43 -0500 Received: from e06smtp12.uk.ibm.com (e06smtp12.uk.ibm.com [195.75.94.108]) by mx0a-001b2d01.pphosted.com with ESMTP id 2fxquchdsk-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Mon, 05 Feb 2018 08:41:42 -0500 Received: from localhost by e06smtp12.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Mon, 5 Feb 2018 13:41:36 -0000 Subject: [RFC PATCH] ima: force the re-evaluation of files on untrusted file systems From: Mimi Zohar To: Miklos Szeredi Cc: Alban Crequy , Dongsu Park , linux-integrity , linux-security-module , linux-fsdevel Content-Type: text/plain; charset="UTF-8" Date: Mon, 05 Feb 2018 08:40:54 -0500 Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Message-Id: <1517838054.3736.49.camel@linux.vnet.ibm.com> Sender: linux-fsdevel-owner@vger.kernel.org List-ID: On filesystems, such as fuse or remote filesystems, that we can not detect or rely on the filesystem to tell us when a file has changed, always re-measure, re-appraise, and/or re-audit the file. Signed-of-by: Mimi Zohar --- Hi Miklos, Was something like this what you had in mind? Mimi --- security/integrity/ima/ima_main.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 6d78cb26784d..a428bd75232e 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -170,6 +170,7 @@ static int process_measurement(struct file *file, char *buf, loff_t size, int mask, enum ima_hooks func, int opened) { struct inode *inode = file_inode(file); + struct dentry *dentry = file_dentry(file); struct integrity_iint_cache *iint = NULL; struct ima_template_desc *template_desc; char *pathbuf = NULL; @@ -228,9 +229,16 @@ static int process_measurement(struct file *file, char *buf, loff_t size, IMA_APPRAISE_SUBMASK | IMA_APPRAISED_SUBMASK | IMA_ACTION_FLAGS); - if (test_and_clear_bit(IMA_CHANGE_XATTR, &iint->atomic_flags)) - /* reset all flags if ima_inode_setxattr was called */ + /* + * Re-measure, re-appraise, and/or re-audit a file, if the security + * xattrs changed or if the file is on an untrusted file system + * (eg. FUSE, remote filesystems). + */ + if (test_and_clear_bit(IMA_CHANGE_XATTR, &iint->atomic_flags) || + (dentry->d_op && dentry->d_op->d_revalidate)) { iint->flags &= ~IMA_DONE_MASK; + iint->measured_pcrs = 0; + } /* Determine if already appraised/measured based on bitmask * (IMA_MEASURE, IMA_MEASURED, IMA_XXXX_APPRAISE, IMA_XXXX_APPRAISED, -- 2.7.5