Re: [PATCH 1/3 v5] add a new ima hook and policy to measure the cmdline

linux-integrity.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Mimi Zohar <zohar@linux.ibm.com>
To: Prakhar Srivastava <prsriva02@gmail.com>,
	linux-integrity@vger.kernel.org,
	inux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org
Cc: ebiederm@xmission.com, vgoyal@redhat.com, prsriva@microsoft.com
Subject: Re: [PATCH 1/3 v5] add a new ima hook and policy to measure the cmdline
Date: Mon, 13 May 2019 12:56:32 -0400	[thread overview]
Message-ID: <1557766592.4969.22.camel@linux.ibm.com> (raw)
In-Reply-To: <20190510223744.10154-2-prsriva02@gmail.com>

On Fri, 2019-05-10 at 15:37 -0700, Prakhar Srivastava wrote:

> +/*
> + * process_buffer_measurement - Measure the buffer passed to ima log.

"passed to ima log" is unnecessary.

> + * (Instead of using the file hash use the buffer hash).

This comment, if needed, belongs in the text description area below,
not here.

> + * @buf - The buffer that needs to be added to the log
> + * @size - size of buffer(in bytes)
> + * @eventname - event name to be used for buffer.

Missing are the other fields.

> + *
> + * The buffer passed is added to the ima log.
> + *
> + * On success return 0.
> + * On error cases surface errors from ima calls.

Only IMA-appraise returns errors to the caller.  There's no point in
returning an error.


> + */
> +static int process_buffer_measurement(const void *buf, int size,
> +				const char *eventname, const struct cred *cred,
> +				u32 secid)

This should be "static void".

> +{
> +	int ret = 0;
> +	struct ima_template_entry *entry = NULL;
> +	struct integrity_iint_cache tmp_iint, *iint = &tmp_iint;
> +	struct ima_event_data event_data = {iint, NULL, NULL,
> +						NULL, 0, NULL};
> +	struct {
> +		struct ima_digest_data hdr;
> +		char digest[IMA_MAX_DIGEST_SIZE];
> +	} hash;
> +	int violation = 0;
> +	int pcr = CONFIG_IMA_MEASURE_PCR_IDX;
> +	int action = 0;
> +
> +	action = ima_get_action(NULL, cred, secid, 0, KEXEC_CMDLINE, &pcr);
> +	if (!(action & IMA_AUDIT) && !(action & IMA_MEASURE))
> +		goto out;
> +
> +	memset(iint, 0, sizeof(*iint));
> +	memset(&hash, 0, sizeof(hash));
> +
> +	event_data.filename = eventname;
> +
> +	iint->ima_hash = &hash.hdr;
> +	iint->ima_hash->algo = ima_hash_algo;
> +	iint->ima_hash->length = hash_digest_size[ima_hash_algo];
> +
> +	ret = ima_calc_buffer_hash(buf, size, iint->ima_hash);
> +	if (ret < 0)
> +		goto out;
> +
> +	ret = ima_alloc_init_template(&event_data, &entry);
> +	if (ret < 0)
> +		goto out;
> +
> +	if (action & IMA_MEASURE)
> +		ret = ima_store_template(entry, violation, NULL, buf, pcr);
> +
> +	if (action & IMA_AUDIT)
> +		ima_audit_measurement(iint, event_data.filename);

The cover letter and patch description say this patch set is limited
to measuring the boot command line - IMA-measurement.
 ima_audit_measurement() adds file hashes in the audit log, which can
be used for security analytics and/or forensics.  This is part of IMA-
audit.  The call to ima_audit_measurement() is inappropriate.

Mimi


> +
> +	if (ret < 0) {
> +		ima_free_template_entry(entry);
> +		goto out;
> +	}
> +
> +out:
> +	return ret;
> +}
> +

next prev parent reply	other threads:[~2019-05-13 16:56 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-05-10 22:37 [PATCH 0/3 v5] Kexec cmdline bufffer measure Prakhar Srivastava
2019-05-10 22:37 ` [PATCH 1/3 v5] add a new ima hook and policy to measure the cmdline Prakhar Srivastava
2019-05-13 16:56   ` Mimi Zohar [this message]
2019-05-14  4:53     ` prakhar srivastava
2019-05-14 14:36       ` Mimi Zohar
2019-05-10 22:37 ` [PATCH 2/3 v5] add a new template field buf to contain the buffer Prakhar Srivastava
2019-05-13 13:48   ` Roberto Sassu
2019-05-14  5:07     ` prakhar srivastava
2019-05-14 13:22       ` Roberto Sassu
2019-05-17 23:32         ` prakhar srivastava
2019-05-20 12:18           ` Roberto Sassu
2019-05-10 22:37 ` [PATCH 3/3 v5] call ima_kexec_cmdline from kexec_file_load path Prakhar Srivastava
2019-05-14 14:46   ` Mimi Zohar
  -- strict thread matches above, loose matches on Subject: below --
2019-05-10 22:32 [PATCH 0/3 v5] Kexec cmdline bufffer measure Prakhar Srivastava
2019-05-10 22:32 ` [PATCH 1/3 v5] add a new ima hook and policy to measure the cmdline Prakhar Srivastava

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1557766592.4969.22.camel@linux.ibm.com \
    --to=zohar@linux.ibm.com \
    --cc=ebiederm@xmission.com \
    --cc=inux-security-module@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=prsriva02@gmail.com \
    --cc=prsriva@microsoft.com \
    --cc=vgoyal@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).