From: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
To: THOBY Simon <Simon.THOBY@viveris.fr>,
"zohar@linux.ibm.com" <zohar@linux.ibm.com>,
"dmitry.kasatkin@gmail.com" <dmitry.kasatkin@gmail.com>,
"linux-integrity@vger.kernel.org"
<linux-integrity@vger.kernel.org>,
BARVAUX Didier <Didier.BARVAUX@viveris.fr>
Subject: Re: [PATCH v6 4/5] IMA: add a policy option to restrict xattr hash algorithms on appraisal
Date: Wed, 4 Aug 2021 13:53:02 -0700 [thread overview]
Message-ID: <a1cad70f-b146-988a-746f-6c64f9631848@linux.microsoft.com> (raw)
In-Reply-To: <20210804092010.350372-5-simon.thoby@viveris.fr>
Hi Simon,
On 8/4/2021 2:20 AM, THOBY Simon wrote:
> Signed-off-by: Simon Thoby <simon.thoby@viveris.fr>
> Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
> ---
> Documentation/ABI/testing/ima_policy | 6 ++-
> security/integrity/ima/ima_policy.c | 75 ++++++++++++++++++++++++++--
> 2 files changed, 76 insertions(+), 5 deletions(-)
>
>
> +static unsigned int ima_parse_appraise_hash(char *arg)
> +{
> + unsigned int res = 0;
> + int idx;
> + char *token;
> +
> + while ((token = strsep(&arg, ",")) != NULL) {
> + idx = match_string(hash_algo_name, HASH_ALGO__LAST, token);
> +
> + if (idx < 0) {
> + pr_err("unknown hash algorithm \"%s\", ignoring",
> + token);
> + continue;
Is it right to ignore an invalid digest algorithm given in the IMA
policy rule? Should "invalid ima policy" error be reported instead?
Other changes look good.
Reviewed-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
-lakshmi
> + }
> +
> + /* Add the hash algorithm to the 'allowed' bitfield */
> + res |= (1U << idx);
> + }
> +
> + return res;
> +}
> +
> static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
> {
> struct audit_buffer *ab;
> @@ -1522,6 +1546,26 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
> else
> result = -EINVAL;
> break;
> + case Opt_appraise_hash:
> + ima_log_string(ab, "appraise_hash", args[0].from);
> +
> + if (entry->allowed_hashes) {
> + result = -EINVAL;
> + break;
> + }
> +
> + entry->allowed_hashes =
> + ima_parse_appraise_hash(args[0].from);
> +
> + /* invalid or empty list of algorithms */
> + if (!entry->allowed_hashes) {
> + result = -EINVAL;
> + break;
> + }
> +
> + entry->flags |= IMA_VALIDATE_HASH;
> +
> + break;
> case Opt_permit_directio:
> entry->flags |= IMA_PERMIT_DIRECTIO;
> break;
> @@ -1714,6 +1758,23 @@ static void ima_show_rule_opt_list(struct seq_file *m,
> seq_printf(m, "%s%s", i ? "|" : "", opt_list->items[i]);
> }
>
> +static void ima_policy_show_appraise_hash(struct seq_file *m,
> + unsigned int allowed_hashes)
> +{
> + int idx, list_size = 0;
> +
> + for (idx = 0; idx < HASH_ALGO__LAST; idx++) {
> + if (!(allowed_hashes & (1U << idx)))
> + continue;
> +
> + /* only add commas if the list contains multiple entries */
> + if (list_size++)
> + seq_puts(m, ",");
> +
> + seq_puts(m, hash_algo_name[idx]);
> + }
> +}
> +
> int ima_policy_show(struct seq_file *m, void *v)
> {
> struct ima_rule_entry *entry = v;
> @@ -1825,6 +1886,12 @@ int ima_policy_show(struct seq_file *m, void *v)
> seq_puts(m, " ");
> }
>
> + if (entry->flags & IMA_VALIDATE_HASH) {
> + seq_puts(m, "appraise_hash=");
> + ima_policy_show_appraise_hash(m, entry->allowed_hashes);
> + seq_puts(m, " ");
> + }
> +
> for (i = 0; i < MAX_LSM_RULES; i++) {
> if (entry->lsm[i].rule) {
> switch (i) {
>
next prev parent reply other threads:[~2021-08-04 20:51 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-04 9:20 [PATCH v6 0/5] IMA: restrict the accepted digest algorithms for the security.ima xattr THOBY Simon
2021-08-04 9:20 ` [PATCH v6 1/5] IMA: remove the dependency on CRYPTO_MD5 THOBY Simon
2021-08-04 17:41 ` Lakshmi Ramasubramanian
2021-08-09 20:59 ` Mimi Zohar
2021-08-04 9:20 ` [PATCH v6 2/5] IMA: block writes of the security.ima xattr with unsupported algorithms THOBY Simon
2021-08-04 17:40 ` Lakshmi Ramasubramanian
2021-08-09 13:32 ` Mimi Zohar
2021-08-09 23:34 ` Mimi Zohar
2021-08-10 6:44 ` THOBY Simon
2021-08-04 9:20 ` [PATCH v6 3/5] IMA: add support to restrict the hash algorithms used for file appraisal THOBY Simon
2021-08-04 17:44 ` Lakshmi Ramasubramanian
2021-08-09 17:43 ` Mimi Zohar
2021-08-10 6:45 ` THOBY Simon
2021-08-04 9:20 ` [PATCH v6 4/5] IMA: add a policy option to restrict xattr hash algorithms on appraisal THOBY Simon
2021-08-04 20:53 ` Lakshmi Ramasubramanian [this message]
2021-08-05 7:42 ` THOBY Simon
2021-08-09 18:05 ` Mimi Zohar
2021-08-04 9:20 ` [PATCH v6 5/5] IMA: introduce a new policy option func=SETXATTR_CHECK THOBY Simon
2021-08-04 18:49 ` Lakshmi Ramasubramanian
2021-08-09 18:12 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a1cad70f-b146-988a-746f-6c64f9631848@linux.microsoft.com \
--to=nramas@linux.microsoft.com \
--cc=Didier.BARVAUX@viveris.fr \
--cc=Simon.THOBY@viveris.fr \
--cc=dmitry.kasatkin@gmail.com \
--cc=linux-integrity@vger.kernel.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox