From: Roberto Sassu <roberto.sassu@huaweicloud.com>
To: "Mickaël Salaün" <mic@digikod.net>
Cc: Paul Moore <paul@paul-moore.com>,
Christian Brauner <brauner@kernel.org>,
linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org,
linux-security-module@vger.kernel.org, audit@vger.kernel.org,
Mimi Zohar <zohar@linux.ibm.com>,
Roberto Sassu <roberto.sassu@huawei.com>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
Eric Snowberg <eric.snowberg@oracle.com>
Subject: Re: [PATCH RFC v1 4/7] integrity: Fix inode numbers in audit records
Date: Fri, 11 Oct 2024 14:45:12 +0200 [thread overview]
Message-ID: <bb67b4e9c58988f81fc37950f5227a0f33e216e7.camel@huaweicloud.com> (raw)
In-Reply-To: <20241011.upah1Ek3faiB@digikod.net>
On Fri, 2024-10-11 at 14:38 +0200, Mickaël Salaün wrote:
> On Fri, Oct 11, 2024 at 01:34:39PM +0200, Roberto Sassu wrote:
> > On Fri, 2024-10-11 at 12:15 +0200, Mickaël Salaün wrote:
> > > On Thu, Oct 10, 2024 at 09:20:52PM -0400, Paul Moore wrote:
> > > > On Oct 10, 2024 =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= <mic@digikod.net> wrote:
> > > > >
> > > > > Use the new inode_get_ino() helper to log the user space's view of
> > > > > inode's numbers instead of the private kernel values.
> > > > >
> > > > > Cc: Mimi Zohar <zohar@linux.ibm.com>
> > > > > Cc: Roberto Sassu <roberto.sassu@huawei.com>
> > > > > Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
> > > > > Cc: Eric Snowberg <eric.snowberg@oracle.com>
> > > > > Signed-off-by: Mickaël Salaün <mic@digikod.net>
> > > > > ---
> > > > > security/integrity/integrity_audit.c | 2 +-
> > > > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > > >
> > > > Should we also need to update the inode value used in hmac_add_misc()?
> > >
> > > I'm not sure what the impact will be wrt backward compatibility. Mimi,
> > > Roberto?
> >
> > Changing the inode number the HMAC was calculated with has the
> > potential effect of making the file inaccessible.
> >
> > In order to use the new inode number, we need to define a new EVM xattr
> > type, and update the previous xattr version with the new one. We could
> > deprecate the old xattr version after a while (to be discussed with
> > Mimi).
>
> That was my though. I don't we should patch hmac_add_misc() because it
> is already in the IMA/EVM ABI and not directly reflected to user space.
> The issue might be that user space cannot recreate this hmac because
> this private inode number is not known to user space, but I don't know
> if there is such user space implementation of IMA/EVM.
EVM will recalculate the HMAC of the file metadata based on the new
inode number, and will conclude that metadata was corrupted (same as if
someone modified a protected xattr during an offline attack).
Roberto
> >
> > Roberto
> >
> > > >
> > > > diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
> > > > index 7c06ffd633d2..68ae454e187f 100644
> > > > --- a/security/integrity/evm/evm_crypto.c
> > > > +++ b/security/integrity/evm/evm_crypto.c
> > > > @@ -155,7 +155,7 @@ static void hmac_add_misc(struct shash_desc *desc, struct inode *inode,
> > > > * signatures
> > > > */
> > > > if (type != EVM_XATTR_PORTABLE_DIGSIG) {
> > > > - hmac_misc.ino = inode->i_ino;
> > > > + hmac_misc.ino = inode_get_ino(inode->i_ino);
> > > > hmac_misc.generation = inode->i_generation;
> > > > }
> > > > /* The hmac uid and gid must be encoded in the initial user
> > > >
> > > > --
> > > > paul-moore.com
> >
> >
next prev parent reply other threads:[~2024-10-11 12:45 UTC|newest]
Thread overview: 79+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-10 15:26 [RFC PATCH v1 1/7] fs: Add inode_get_ino() and implement get_ino() for NFS Mickaël Salaün
2024-10-10 15:26 ` [RFC PATCH v1 2/7] audit: Fix inode numbers Mickaël Salaün
2024-10-11 1:20 ` [PATCH RFC " Paul Moore
2024-10-11 1:38 ` Paul Moore
2024-10-11 21:34 ` [RFC PATCH " Paul Moore
2024-10-14 13:30 ` Mickaël Salaün
2024-10-14 23:36 ` Paul Moore
2024-10-10 15:26 ` [RFC PATCH v1 3/7] selinux: Fix inode numbers in error messages Mickaël Salaün
2024-10-11 1:20 ` [PATCH RFC " Paul Moore
2024-10-10 15:26 ` [RFC PATCH v1 4/7] integrity: Fix inode numbers in audit records Mickaël Salaün
2024-10-11 1:20 ` [PATCH RFC " Paul Moore
2024-10-11 10:15 ` Mickaël Salaün
2024-10-11 11:34 ` Roberto Sassu
2024-10-11 12:38 ` Mickaël Salaün
2024-10-11 12:45 ` Roberto Sassu [this message]
2024-10-10 15:26 ` [RFC PATCH v1 5/7] ipe: " Mickaël Salaün
2024-10-10 17:44 ` Fan Wu
2024-10-10 15:26 ` [RFC PATCH v1 6/7] smack: Fix inode numbers in logs Mickaël Salaün
2024-10-10 17:18 ` Casey Schaufler
2024-10-10 15:26 ` [RFC PATCH v1 7/7] tomoyo: " Mickaël Salaün
2024-10-12 7:35 ` [PATCH] tomoyo: use u64 for handling numeric values Tetsuo Handa
2024-10-14 13:59 ` Mickaël Salaün
2024-10-10 18:07 ` [RFC PATCH v1 1/7] fs: Add inode_get_ino() and implement get_ino() for NFS Anna Schumaker
2024-10-11 10:14 ` Mickaël Salaün
2024-10-10 19:28 ` Trond Myklebust
2024-10-11 10:15 ` Mickaël Salaün
2024-10-11 12:22 ` Trond Myklebust
2024-10-11 12:38 ` Mickaël Salaün
2024-10-11 12:43 ` Mickaël Salaün
2024-10-11 10:12 ` Tetsuo Handa
2024-10-11 10:54 ` Tetsuo Handa
2024-10-11 11:10 ` Mickaël Salaün
2024-10-11 11:04 ` Mickaël Salaün
2024-10-11 14:27 ` Tetsuo Handa
2024-10-11 15:13 ` Christoph Hellwig
2024-10-11 15:26 ` Mickaël Salaün
2024-10-11 12:30 ` Christoph Hellwig
2024-10-11 12:47 ` Mickaël Salaün
2024-10-11 12:54 ` Christoph Hellwig
2024-10-11 13:20 ` Mickaël Salaün
2024-10-11 13:23 ` Christoph Hellwig
2024-10-11 13:52 ` Mickaël Salaün
2024-10-11 14:39 ` Christoph Hellwig
2024-10-11 15:30 ` Mickaël Salaün
2024-10-11 15:34 ` Christoph Hellwig
2024-10-14 14:35 ` Christian Brauner
2024-10-14 14:36 ` Christoph Hellwig
2024-10-13 10:17 ` Jeff Layton
2024-10-14 8:40 ` Burn Alting
2024-10-14 9:02 ` Christoph Hellwig
2024-10-14 12:12 ` Burn Alting
2024-10-14 12:17 ` Christoph Hellwig
2024-10-14 13:13 ` Mickaël Salaün
[not found] ` <9c3bc3b7-2e79-4423-b8eb-f9f6249ee5bf@iinet.net.au>
2024-10-14 10:22 ` Jeff Layton
2024-10-14 14:45 ` Christian Brauner
2024-10-14 15:27 ` Mickaël Salaün
2024-10-16 0:15 ` Paul Moore
2024-10-14 14:47 ` Christian Brauner
2024-10-14 17:51 ` Mickaël Salaün
2024-10-16 14:23 ` Christian Brauner
2024-10-16 23:05 ` Paul Moore
2024-10-17 14:30 ` Trond Myklebust
2024-10-17 14:54 ` Paul Moore
2024-10-17 14:58 ` Christoph Hellwig
2024-10-17 15:15 ` Paul Moore
2024-10-17 15:25 ` Christoph Hellwig
2024-10-17 16:43 ` Jan Kara
2024-10-18 5:15 ` Christoph Hellwig
2024-10-21 13:17 ` Christian Brauner
2024-10-17 17:05 ` Jeff Layton
2024-10-17 17:09 ` Trond Myklebust
2024-10-17 17:59 ` Jeff Layton
2024-10-17 21:06 ` Trond Myklebust
2024-10-18 5:18 ` hch
2024-10-17 20:21 ` Paul Moore
2024-10-18 12:25 ` Jan Kara
2024-10-21 13:13 ` Christian Brauner
2024-10-21 14:04 ` Christian Brauner
2024-10-17 14:56 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bb67b4e9c58988f81fc37950f5227a0f33e216e7.camel@huaweicloud.com \
--to=roberto.sassu@huaweicloud.com \
--cc=audit@vger.kernel.org \
--cc=brauner@kernel.org \
--cc=dmitry.kasatkin@gmail.com \
--cc=eric.snowberg@oracle.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
--cc=paul@paul-moore.com \
--cc=roberto.sassu@huawei.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).