lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Fri, 12 Aug 2011 00:08:28 -0400
From:	Mimi Zohar <zohar@...ux.vnet.ibm.com>
To:	Stephen Rothwell <sfr@...b.auug.org.au>
Cc:	linux-security-module@...r.kernel.org, linux-next@...r.kernel.org,
	linux-kernel@...r.kernel.org, James Morris <jmorris@...ei.org>,
	David Safford <safford@...son.ibm.com>,
	Mimi Zohar <zohar@...ibm.com>
Subject: Re: [PATCH 1/2] evm: building without EVM enabled fixes

On Fri, 2011-08-12 at 12:52 +1000, Stephen Rothwell wrote:
> Hi Mimi,
> 
> On Thu, 11 Aug 2011 00:22:51 -0400 Mimi Zohar <zohar@...ux.vnet.ibm.com> wrote:
> >
> > - Missing 'inline' on evm_inode_setattr() definition.
> > Introduced by commit 817b54aa45db ("evm: add evm_inode_setattr to prevent
> > updating an invalid security.evm").
> > 
> > - Missing security_old_inode_init_security() stub function definition.
> > Caused by commit 9d8f13ba3f48 ("security: new security_inode_init_security
> > API adds function callback").
> > 
> > Reported-by: Stephen Rothwell <sfr@...b.auug.org.au>
> > Signed-off-by: Mimi Zohar <zohar@...ibm.com>
> > ---
> >  include/linux/evm.h      |    2 +-
> >  include/linux/security.h |    7 +++++++
> >  2 files changed, 8 insertions(+), 1 deletions(-)
> > 
> > diff --git a/include/linux/evm.h b/include/linux/evm.h
> > index db5556d..62deb65 100644
> > --- a/include/linux/evm.h
> > +++ b/include/linux/evm.h
> > @@ -45,7 +45,7 @@ static inline enum integrity_status evm_verifyxattr(struct dentry *dentry,
> >  }
> >  #endif
> >  
> > -static int evm_inode_setattr(struct dentry *dentry, struct iattr *attr)
> > +static inline int evm_inode_setattr(struct dentry *dentry, struct iattr *attr)
> >  {
> >  	return 0;
> >  }
> > diff --git a/include/linux/security.h b/include/linux/security.h
> > index 1c528b1..f399cf1 100644
> > --- a/include/linux/security.h
> > +++ b/include/linux/security.h
> > @@ -2048,6 +2048,13 @@ static inline int security_inode_init_security(struct inode *inode,
> >  	return -EOPNOTSUPP;
> >  }
> >  
> > +int security_old_inode_init_security(struct inode *inode, struct inode *dir,
> > +				     const struct qstr *qstr, char **name,
> > +				     void **value, size_t *len)
> > +{
> > +	return -EOPNOTSUPP;
> > +}
> > +
> 
> These stub functions *must* be "staic inline" (see my build report on
> linux-next) just like the one you fixed above.
> 
> Good plan:  if you introduce a function whose existance (or behaviour)
> depends on a CONFIG option, then build test with and without that CONFIG
> option set.

I really did rebuild and test without EVM enabled.  sigh, it would have
helped to also configure the filesystems which use the stub function.

Mimi



--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ