lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <3699a6ea9f31f0d987eae1d1c113cccc84d4a41d.1328122362.git.dmitry.kasatkin@intel.com>
Date:	Wed,  1 Feb 2012 22:25:03 +0200
From:	Dmitry Kasatkin <dmitry.kasatkin@...el.com>
To:	linux-security-module@...r.kernel.org
Cc:	jmorris@...ei.org, linux-kernel@...r.kernel.org,
	zohar@...ux.vnet.ibm.com
Subject: [RFC][PATCH v1 1/2] integrity: add ima_module_check hook

IMA measures/appraises modules when modprobe or insmod opens and read them.
Unfortunately, there are no guarantees between what is read by userspace and
what is passed to the kernel via load_module system call. This patch adds a
hook called module_check() to verify the integrity of the module being loaded.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@...el.com>
---
 include/linux/integrity.h |   10 ++++++++++
 kernel/module.c           |   20 +++++++++++++++-----
 2 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/include/linux/integrity.h b/include/linux/integrity.h
index 66c5fe9..68419d4 100644
--- a/include/linux/integrity.h
+++ b/include/linux/integrity.h
@@ -37,4 +37,14 @@ static inline void integrity_inode_free(struct inode *inode)
 	return;
 }
 #endif /* CONFIG_INTEGRITY_H */
+
+#ifdef CONFIG_INTEGRITY_MODULES
+int module_check(const void *hdr, const unsigned long len, char **args);
+#else
+static inline int module_check(const void *buf, unsigned long len, char **args)
+{
+	return 0;
+}
+#endif
+
 #endif /* _LINUX_INTEGRITY_H */
diff --git a/kernel/module.c b/kernel/module.c
index 2c93276..9d97928 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -58,6 +58,7 @@
 #include <linux/jump_label.h>
 #include <linux/pfn.h>
 #include <linux/bsearch.h>
+#include <linux/integrity.h>
 
 #define CREATE_TRACE_POINTS
 #include <trace/events/module.h>
@@ -2839,6 +2840,7 @@ static struct module *load_module(void __user *umod,
 	struct load_info info = { NULL, };
 	struct module *mod;
 	long err;
+	char *args = NULL;
 
 	pr_debug("load_module: umod=%p, len=%lu, uargs=%p\n",
 	       umod, len, uargs);
@@ -2848,6 +2850,16 @@ static struct module *load_module(void __user *umod,
 	if (err)
 		return ERR_PTR(err);
 
+	args = strndup_user(uargs, ~0UL >> 1);
+	if (IS_ERR(args)) {
+		err = PTR_ERR(args);
+		goto free_copy;
+	}
+
+	err = module_check(info.hdr, info.len, &args);
+	if (err < 0)
+		goto free_copy;
+
 	/* Figure out module layout, and allocate all the memory. */
 	mod = layout_and_allocate(&info);
 	if (IS_ERR(mod)) {
@@ -2887,11 +2899,8 @@ static struct module *load_module(void __user *umod,
 	flush_module_icache(mod);
 
 	/* Now copy in args */
-	mod->args = strndup_user(uargs, ~0UL >> 1);
-	if (IS_ERR(mod->args)) {
-		err = PTR_ERR(mod->args);
-		goto free_arch_cleanup;
-	}
+	mod->args = args;
+	args = NULL;
 
 	/* Mark state as coming so strong_try_module_get() ignores us. */
 	mod->state = MODULE_STATE_COMING;
@@ -2959,6 +2968,7 @@ static struct module *load_module(void __user *umod,
  free_module:
 	module_deallocate(mod, &info);
  free_copy:
+	kfree(args);
 	free_copy(&info);
 	return ERR_PTR(err);
 }
-- 
1.7.5.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ