lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:	Fri, 23 Mar 2007 12:52:01 -0400
From:	Mimi Zohar <zohar@...ux.vnet.ibm.com>
To:	linux-kernel@...r.kernel.org
Cc:	safford@...son.ibm.com, serue@...ux.vnet.ibm.com,
	kjhall@...ux.vnet.ibm.com, zohar@...ibm.com, akpm@...l.org
Subject: [Patch -mm 1/1] SLIM Integrity Patch

This is a minor patch to SLIM that only addresses the integrity service
issues, to be reviewed in conjuction with the integrity service 
framework and provider that were just posted.

(A major patch will be released to address the other issues previously 
discussed on the lkml mailing list shortly.)

signed-off-by: Mimi Zohar <zohar@...ibm.com>
---

Index: linux-2.6.21-rc4-mm1/security/slim/slm_main.c
===================================================================
--- linux-2.6.21-rc4-mm1.orig/security/slim/slm_main.c
+++ linux-2.6.21-rc4-mm1/security/slim/slm_main.c
@@ -1,7 +1,7 @@
 /*
  * SLIM - Simple Linux Integrity Module
  *
- * Copyright (C) 2005,2006 IBM Corporation
+ * Copyright (C) 2005,2006,2007 IBM Corporation
  * Author: Mimi Zohar <zohar@...ibm.com>
  * 	   Kylene Hall <kjhall@...ibm.com>
  *
@@ -32,6 +32,29 @@
 extern struct security_operations dummy_security_ops;
 
 unsigned int slm_debug = SLM_BASE;
+
+#ifdef CONFIG_SECURITY_SLIM_BOOTPARAM
+int slim_enabled = CONFIG_SECURITY_SLIM_BOOTPARAM_VALUE;
+
+static int __init slim_enabled_setup(char *str)
+{
+	slim_enabled = simple_strtol(str, NULL, 0);
+	return 1;
+}
+__setup("slim=", slim_enabled_setup);
+#else
+int slim_enabled = 1;
+#endif
+
+unsigned int integrity_enforce = 0;
+static int __init integrity_enforce_setup(char *str)
+{
+	integrity_enforce = simple_strtol(str, NULL, 0);
+	return 1;
+}
+
+__setup("slim_integrity_enforce=", integrity_enforce_setup);
+
 #define XATTR_NAME "security.slim.level"
 
 #define ZERO_STR "0"
@@ -319,16 +342,13 @@ static int slm_get_xattr(struct dentry *
 			"(rc: %d - status: %d)\n",
 			dentry->d_name.name, rc, *status);
 
-	} else if (rc >=0 && *status == INTEGRITY_PASS && xattr_value) {
-		rc = slm_parse_xattr(xattr_value, xattr_len, level);
+	} else {
+		if (!integrity_enforce)
+			*status = INTEGRITY_PASS;
+
+		if (rc >= 0 && xattr_value && *status != INTEGRITY_FAIL)
+			rc = slm_parse_xattr(xattr_value, xattr_len, level);
 		kfree(xattr_value);
-		if (rc == 0 && level->iac_level != SLM_IAC_UNTRUSTED) {
-			rc = integrity_verify_data(dentry, status);
-			if ((rc < 0) || (*status != INTEGRITY_PASS))
-				dprintk(SLM_BASE, "%s integrity_verify_data failed "
-				" (rc: %d status: %d)\n", dentry->d_name.name,
-					rc, *status);
-		}
 	}
 	return rc;
 }
@@ -392,13 +412,12 @@ static void update_level(struct dentry *
 			break;
 		}
 	} else {
-		switch(status) {
-			case INTEGRITY_FAIL:
-			case INTEGRITY_NOLABEL:
-				dprintk(SLM_INTEGRITY, "%s: %s FAIL/NOLABEL (%d)\n",
+		switch (status) {
+		case INTEGRITY_FAIL:
+			dprintk(SLM_INTEGRITY, "%s: %s FAIL(%d)\n",
 				__FUNCTION__, dentry->d_name.name, rc);
-				set_level_untrusted(level);
-				break;
+			set_level_untrusted(level);
+			break;
 		}
 	}
 }
@@ -699,8 +718,28 @@ static int slm_inode_permission(struct i
 
 	slm_get_level(dentry, &level);
 
-	/* measure all SYSTEM level integrity objects */
-	if (level.iac_level == SLM_IAC_SYSTEM)
+	/* verify data for all trusted integrity objects */
+	if (level.iac_level != SLM_IAC_UNTRUSTED) {
+		int status;
+
+		rc = integrity_verify_data(dentry, &status);
+		switch (status) {
+		case INTEGRITY_FAIL:
+			dprintk(SLM_INTEGRITY, "%s: %s (Integrity status: "
+				" FAIL)\n", __FUNCTION__, fname);
+			if (integrity_enforce)
+				set_level_untrusted(&level);
+			break;
+		case INTEGRITY_NOLABEL:
+			dprintk(SLM_INTEGRITY, "%s: %s (Integrity status: "
+				" NOLABEL)\n", __FUNCTION__, fname);
+		default:
+			break;
+		}
+	}
+
+	/* measure all SYSTEM level integrity objects to be read */
+	if ((level.iac_level == SLM_IAC_SYSTEM) && (mask == MAY_READ))
 		integrity_measure(dentry, fname, mask);
 
 	rc = slm_set_taskperm(mask, &level, fname);
@@ -789,7 +828,6 @@ static int slm_set_xattr(struct slm_file
 		memcpy(bufp, slm_iac_str[level->iac_level], len);
 		bufp += len;
 	}
-	*bufp++ = ' ';
 	xattr_len = bufp - buf;
 
 	/* point after 'security.' */
@@ -1410,23 +1448,25 @@ static int slm_bprm_check_security(struc
 
 	/* Possible return codes: PERMIT, DENY, NOLABEL */
 	rc = integrity_verify_data(dentry, &status);
-	if (rc < 0)
+	if ((rc < 0) && integrity_enforce)
 		return rc;
 
-	switch(status) {
+	switch (status) {
 	case INTEGRITY_FAIL:
 		if (!is_kernel_thread(current)) {
 			dprintk(SLM_BASE,
 				"%s: %s (Integrity status: FAIL)\n",
 				__FUNCTION__, bprm->filename);
-			return -EACCES;
+			if (integrity_enforce)
+				return -EACCES;
 		}
 		break;
 	case INTEGRITY_NOLABEL:
 		dprintk(SLM_BASE,
 			"%s: %s (Integrity status: NOLABEL)\n",
 			__FUNCTION__, bprm->filename);
-		level.iac_level = SLM_IAC_UNTRUSTED;
+		if (integrity_enforce)
+			level.iac_level = SLM_IAC_UNTRUSTED;
 	}
 
 	rc = enforce_integrity_execute(bprm, &level, cur_tsec);
@@ -1609,18 +1649,6 @@ static struct security_operations slm_se
 	.d_instantiate = slm_d_instantiate
 };
 
-#ifdef CONFIG_SECURITY_SLIM_BOOTPARAM
-int slim_enabled = CONFIG_SECURITY_SLIM_BOOTPARAM_VALUE;
-
-static int __init slim_enabled_setup(char *str)
-{
-	slim_enabled = simple_strtol(str, NULL, 0);
-	return 1;
-}
-__setup("slim=", slim_enabled_setup);
-#else
-int slim_enabled = 1;
-#endif
 static int __init init_slm(void)
 {
 	int rc;
Index: linux-2.6.21-rc4-mm1/security/slim/Kconfig
===================================================================
--- linux-2.6.21-rc4-mm1.orig/security/slim/Kconfig
+++ linux-2.6.21-rc4-mm1/security/slim/Kconfig
@@ -23,7 +23,7 @@ config SECURITY_SLIM_BOOTPARAM_VALUE
 	int "SLIM boot parameter default value"
 	depends on SECURITY_SLIM_BOOTPARAM
 	range 0 1
-	default 1
+	default 0
 	help
 	  This option sets the default value for the kernel parameter
 	  'slim', which allows SLIM to be disabled at boot.  If this
@@ -32,5 +32,5 @@ config SECURITY_SLIM_BOOTPARAM_VALUE
 	  set to 1 (one), the SLIM kernel parameter will default to 1,
 	  enabling SLIM at bootup.
 
-	  If you are unsure how to answer this question, answer 1.
+	  If you are unsure how to answer this question, answer 0.
 



-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ