Message-Id: <1327961644-6886-1-git-send-email-zohar@linux.vnet.ibm.com>
Date: Mon, 30 Jan 2012 17:13:55 -0500
From: Mimi Zohar <zohar@...ux.vnet.ibm.com>
To: linux-security-module@...r.kernel.org
Cc: Mimi Zohar <zohar@...ux.vnet.ibm.com>,
linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
David Safford <safford@...son.ibm.com>,
Dmitry Kasatkin <dmitry.kasatkin@...el.com>
Subject: [RFC][PATCH v1 0/9] ima: appraisal extension
This is the initial posting of the IMA-appraisal patch set, separate
from EVM.

IMA currently maintains an integrity measurement list used to assert the
integrity of the running system to a third party. The IMA-appraisal
extension adds local integrity validation and enforcement of the
measurement against a "good" value stored as an extended attribute
'security.ima'. The initial methods for validating 'security.ima' are
hash based, which provides file data integrity, and digital signature
based, which in addition to providing file data integrity, provides
authenticity.

New hooks:
ima_inode_setxattr(), ima_inode_removexattr(), ima_inode_post_setattr()

IMA-appraisal extends the measurement policy ABI with two new keywords:
appraise/dont_appraise and extends the ima_tcb policy to appraise all
files owned by root. Like the ima_tcb measurement policy, the ima_tcb
appraisal policy does not appraise pseudo filesystem files (e.g. debugfs,
tmpfs, securityfs, selinuxfs or ramfs).

Additional rules can be added to the default IMA measurement/appraisal
policy, which take advantage of the SELinux labels, for a more fine-grained
policy.

Locking changes:
The ima-appraisal extension maintains the file integrity measurement as
an extended attribute 'security.ima'. ima_file_free(), called on __fput(),
updates 'security.ima' to reflect any changes made to the file. In fix
mode, process_measurement() writes 'security.ima' to reflect the current
file hash. Writing extended attributes and other file metadata (e.g. chmod)
requires taking the i_mutex. Both ima_file_free() and process_measurement()
took the iint->mutex and then the i_mutex, while chmod() took the locks in
reverse order. To resolve the potential lock inversion deadlock, the
redundant iint->mutex was eliminated.

Prereqs:
vfs: fix IMA lockdep circular locking dependency
vfs: Correctly set the dir i_mutex lockdep class
vfs: iversion truncate bug fix

Mimi
Dmitry Kasatkin (2):
ima: allocating iint improvements
ima: digital signature verification support
Mimi Zohar (7):
vfs: extend vfs_removexattr locking
vfs: move ima_file_free before releasing the file
ima: integrity appraisal extension
ima: add appraise action keywords and default rules
ima: add inode_post_setattr call
ima: add ima_inode_setxattr/removexattr function and calls
ima: add support for different security.ima data types
Documentation/ABI/testing/ima_policy | 25 +++-
Documentation/kernel-parameters.txt | 4 +
fs/attr.c | 2 +
fs/file_table.c | 2 +-
fs/xattr.c | 6 +-
include/linux/ima.h | 27 ++++
include/linux/integrity.h | 7 +-
include/linux/xattr.h | 3 +
security/integrity/evm/evm_main.c | 3 +
security/integrity/iint.c | 64 ++++-----
security/integrity/ima/Kconfig | 15 ++
security/integrity/ima/Makefile | 2 +
security/integrity/ima/ima.h | 39 +++++-
security/integrity/ima/ima_api.c | 55 +++++--
security/integrity/ima/ima_appraise.c | 261 +++++++++++++++++++++++++++++++++
security/integrity/ima/ima_crypto.c | 9 +-
security/integrity/ima/ima_main.c | 89 +++++++----
security/integrity/ima/ima_policy.c | 88 ++++++++++--
security/integrity/integrity.h | 11 +-
security/security.c | 6 +
20 files changed, 605 insertions(+), 113 deletions(-)
create mode 100644 security/integrity/ima/ima_appraise.c
--
1.7.6.5
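As an added user-space model of the appraisal flow the cover letter describes (the "good" value kept in 'security.ima', fix mode writing it, ima_file_free() refreshing it on close, and the ima_tcb rule that appraises root-owned files but skips pseudo filesystems), here is a small Python sketch; it is not code from the patch set. The in-memory Inode/xattr store, the sha256 digest and the mode names "enforce"/"fix" are assumptions.

```python
import hashlib
from dataclasses import dataclass, field

IMA_XATTR = "security.ima"
# Pseudo filesystems the ima_tcb appraisal policy does not appraise.
PSEUDO_FS = {"debugfs", "tmpfs", "securityfs", "selinuxfs", "ramfs"}

@dataclass
class Inode:  # constructed stand-in for a file: contents, owner, fs, xattrs
    data: bytes
    uid: int
    fstype: str
    xattrs: dict = field(default_factory=dict)

def policy_appraise(inode):
    """ima_tcb appraisal rule: root-owned files, except on pseudo filesystems."""
    return inode.fstype not in PSEUDO_FS and inode.uid == 0

def file_hash(data):
    # Digest choice is an assumption; the cover letter names none.
    return hashlib.sha256(data).digest()

def process_measurement(inode, mode):
    """Appraise on open; mode is "enforce" or "fix". Returns (allowed, status)."""
    if not policy_appraise(inode):
        return True, "not-appraised"
    good = inode.xattrs.get(IMA_XATTR)
    actual = file_hash(inode.data)
    if good == actual:
        return True, "ok"
    if mode == "fix":                 # fix mode: record the current hash
        inode.xattrs[IMA_XATTR] = actual
        return True, "fixed"
    return False, "missing" if good is None else "invalid"

def ima_file_free(inode, written):
    """Called on __fput(): refresh security.ima to reflect changes made."""
    if written and IMA_XATTR in inode.xattrs:
        inode.xattrs[IMA_XATTR] = file_hash(inode.data)

def demo():
    f = Inode(b"ELF v1", uid=0, fstype="ext4")
    states = [process_measurement(f, "enforce")[1]]      # no xattr: denied
    states.append(process_measurement(f, "fix")[1])       # fix mode labels it
    states.append(process_measurement(f, "enforce")[1])   # hash matches
    f.data = b"ELF v2"; ima_file_free(f, written=True)    # write, then close
    states.append(process_measurement(f, "enforce")[1])   # xattr refreshed
    f.data = b"ELF v2 tampered"                           # offline change
    states.append(process_measurement(f, "enforce")[1])   # mismatch: denied
    return states
```

Running demo() walks one root-owned file through the states missing, fixed, ok, ok and invalid, showing why an offline change without a matching xattr update is refused in enforce mode.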