Subject: Re: [PATCH 4/4] ima: only audit failed appraisal verifications
From: Mimi Zohar
To: Roberto Sassu, dmitry.kasatkin@huawei.com, mjg59@google.com
Cc: linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, silviu.vlasceanu@huawei.com, stable@vger.kernel.org
Date: Mon, 20 May 2019 17:20:25 -0400
Message-Id: <1558387225.4039.78.camel@linux.ibm.com>
In-Reply-To: <20190516161257.6640-4-roberto.sassu@huawei.com>
References: <20190516161257.6640-1-roberto.sassu@huawei.com> <20190516161257.6640-4-roberto.sassu@huawei.com>

On Thu, 2019-05-16 at 18:12 +0200, Roberto Sassu wrote:
> This patch ensures that integrity_audit_msg() is called only when the
> status is not INTEGRITY_PASS.
>
> Fixes: 8606404fa555c ("ima: digital signature verification support")
> Signed-off-by: Roberto Sassu
> Cc: stable@vger.kernel.org
> ---
> security/integrity/ima/ima_appraise.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
> index a32ed5d7afd1..f5f4506bcb8e 100644
> --- a/security/integrity/ima/ima_appraise.c
> +++ b/security/integrity/ima/ima_appraise.c
> @@ -359,8 +359,9 @@ int ima_appraise_measurement(enum ima_hooks func, > status = INTEGRITY_PASS; > } > > - integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode, filename, > - op, cause, rc, 0); > + if (status != INTEGRITY_PASS) > + integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode, > + filename, op, cause, rc, 0); For some reason, the integrity verification has failed.  In some specific cases, we'll let it pass, but do we really want to remove any indication that it failed in all cases? Mimi > } else { > ima_cache_flags(iint, func); > }
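Review bot: the new guard `if (status != INTEGRITY_PASS)` is evaluated after the context line `status = INTEGRITY_PASS;` that opens the hunk, so a verification that produced a failing `rc`/`cause` and was then deliberately downgraded to pass in that preceding branch will no longer leave an audit record at all; if the intent is only to silence audit noise for clean passes, consider keying the audit on the original verification outcome (for example the `rc` or `cause` that are still passed to `integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode, filename, op, cause, rc, 0)`) rather than on the possibly overwritten `status`. The commit message should also spell out this change in audit semantics, since the patch is Cc'd to stable and removing an audit event changes what detection and forensic tooling built on the integrity audit records can observe.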