public inbox for linux-kernel@vger.kernel.org
* [Patch 0/7] integrity service framework and provider
@ 2007-03-23 16:08 Mimi Zohar
  2007-03-26 10:27 ` Andrew Morton
  0 siblings, 1 reply; 3+ messages in thread
From: Mimi Zohar @ 2007-03-23 16:08 UTC (permalink / raw)
  To: linux-kernel; +Cc: safford, serue, kjhall, zohar, akpm

We have addressed the issues raised in the previous RFC postings and 
are now submitting these for your consideration.

This is a set of updates to the integrity service framework, previously
accepted into -mm, EVM, a new integrity service provider, and a new LSM
module called Integrity Based Access Control (IBAC), a sample consumer of
the integrity framework API.

A corresponding userspace utility package is available at 
http://www.research.ibm.com/gsal/tcpa

Patch 1/7 integrity:new hooks
Patch 2/7 integrity:fs hook placement
Patch 3/7 integrity:EVM as an integrity service provider
Patch 4/7 integrity:IMA integrity_measure() support
Patch 5/7 integrity:mtime patch for mmap files
Patch 6/7 integrity:TPM internal kernel interface
Patch 7/7 integrity:Integrity Based Access Control(IBAC)




* Re: [Patch 0/7] integrity service framework and provider
  2007-03-23 16:08 [Patch 0/7] integrity service framework and provider Mimi Zohar
@ 2007-03-26 10:27 ` Andrew Morton
  2007-03-26 20:05   ` [Patch -mm] integrity: integrity_dummy_verify_metadata Mimi Zohar
  0 siblings, 1 reply; 3+ messages in thread
From: Andrew Morton @ 2007-03-26 10:27 UTC (permalink / raw)
  To: Mimi Zohar; +Cc: linux-kernel, safford, serue, kjhall, zohar

On Fri, 23 Mar 2007 12:08:59 -0400 Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:

> This is a set of updates to the integrity service framework, previously 
> accepted into -mm, EVM a new integrity service provider, and a new LSM 
> module called Integrity Based Access Control(IBAC), a sample consumer of
> the integrity framework API.

I'll fix this:

security/integrity_dummy.c: In function 'dummy_inode_setxattr':
security/integrity_dummy.c:94: warning: implicit declaration of function 'capable'
security/integrity_dummy.c:94: error: 'CAP_SYS_ADMIN' undeclared (first use in this function)
security/integrity_dummy.c:94: error: (Each undeclared identifier is reported only once
security/integrity_dummy.c:94: error: for each function it appears in.)

Then I'll ask you to fix these, some of which are real bugs:

security/integrity_dummy.c: In function 'dummy_verify_metadata':
security/integrity_dummy.c:30: warning: 'error' may be used uninitialized in this function
security/integrity_dummy.c:28: warning: 'value' may be used uninitialized in this function
security/integrity_dummy.c:29: warning: 'size' may be used uninitialized in this function

And then I'll probably end up fixing some of this lot too:

security/evm/evm_main.c: In function 'evm_verify_xattr':
security/evm/evm_main.c:165: warning: format '%d' expects type 'int', but argument 5 has type 'ssize_t'
security/evm/evm_crypto.c: In function 'update_link_hash':
security/evm/evm_crypto.c:94: warning: implicit declaration of function 'kernel_readlink'
security/evm/evm_crypto.c: In function 'evm_init_integrity':
security/evm/evm_crypto.c:187: warning: format '%d' expects type 'int', but argument 4 has type 'size_t'
security/evm/evm_main.c: In function 'init_evm':
security/evm/evm_main.c:903: warning: control may reach end of non-void function 'evm_ima_init' being inlined


How does stuff like this get through?  It's just x86_64 allmodconfig.


* [Patch -mm] integrity: integrity_dummy_verify_metadata
  2007-03-26 10:27 ` Andrew Morton
@ 2007-03-26 20:05   ` Mimi Zohar
  0 siblings, 0 replies; 3+ messages in thread
From: Mimi Zohar @ 2007-03-26 20:05 UTC (permalink / raw)
  To: linux-kernel; +Cc: safford, serue, kjhall, zohar, akpm


The following patch addresses the missing initialization values bug.

signed-off-by: Mimi Zohar <zohar@us.ibm.com>
---

Index: linux-2.6.21-rc4-mm1/security/integrity_dummy.c
===================================================================
--- linux-2.6.21-rc4-mm1.orig/security/integrity_dummy.c
+++ linux-2.6.21-rc4-mm1/security/integrity_dummy.c
@@ -19,15 +19,15 @@
 #include <linux/xattr.h>
 
 /*
- *  Return the extended attribute
+ *  Return the extended attribute, if requested. 
  */
 static int dummy_verify_metadata(struct dentry *dentry, char *xattr_name,
 				 char **xattr_value, int *xattr_value_len,
 				 int *status)
 {
-	char *value;
-	int size;
-	int error;
+	char *value = NULL;
+	int size = 0;
+	int error = 0;
 
 	if (!status)
 		return -EINVAL;
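
Review bot: Initializing `error = 0` at the declaration means any path that reaches the use of `error` without assigning it now reports success, and the blanket initializers for `value`, `size` and `error` also stop gcc from flagging such a path if one is added later. The rest of the function is outside this hunk, so it is worth confirming which branch skipped the assignments (presumably the not-requested case the new comment mentions) and setting the values there, or defaulting `error` to a negative errno so that a missed assignment in an integrity check fails closed. The updated comment could also state which of `xattr_value` and `xattr_value_len` may be NULL, and the added comment line ends with trailing whitespace after "requested.".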



