Open Source and information security mailing list archives
 
Message-Id: <1360871745-20616-3-git-send-email-vgoyal@redhat.com>
Date:	Thu, 14 Feb 2013 14:55:41 -0500
From:	Vivek Goyal <vgoyal@...hat.com>
To:	zohar@...ux.vnet.ibm.com, linux-security-module@...r.kernel.org
Cc:	vgoyal@...hat.com, linux-kernel@...r.kernel.org,
	dmitry.kasatkin@...el.com
Subject: [PATCH 2/6] ima: Return INTEGRITY_FAIL if digital signature can't be verified

Digital signature verification happens using integrity_digsig_verify().
Currently we set integrity to FAIL for all error codes except -EOPNOTSUPP.
This sounds out of line.

- If appropriate kernel code is not compiled in to verify signature of
  a file, then practically it is a failed signature.

- For so many other possible errors we are setting the status to fail.
  For example, -EINVAL, -ENOKEY, -ENOMEM, -EINVAL, -ENOTSUPP etc. It
  beats me why -EOPNOTSUPP is special.

This patch should make the semantics more consistent. That is, if a digital
signature is present in security.ima, then any error that happens during
signature processing leads to status INTEGRITY_FAIL.

AFAICS, it should not have any user visible effect on existing
applications. In some cases we will start returning INTEGRITY_FAIL
instead of INTEGRITY_UNKNOWN. And process_measurement() will deny access
to the file both in case of INTEGRITY_UNKNOWN and INTEGRITY_FAIL.

Signed-off-by: Vivek Goyal <vgoyal@...hat.com>
---
 security/integrity/ima/ima_appraise.c |    4 +---
 1 files changed, 1 insertions(+), 3 deletions(-)

diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index 3710f44..6f1eeb8 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -178,9 +178,7 @@ int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
 					     xattr_value->digest, rc - 1,
 					     iint->ima_xattr.digest,
 					     IMA_DIGEST_SIZE);
-		if (rc == -EOPNOTSUPP) {
-			status = INTEGRITY_UNKNOWN;
-		} else if (rc) {
+		if (rc) {
 			cause = "invalid-signature";
 			status = INTEGRITY_FAIL;
 		} else {
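
Review bot: With the -EOPNOTSUPP branch gone, the remaining `if (rc)` branch sets cause = "invalid-signature" for every non-zero rc, so a kernel built without signature verification support, a missing key or an allocation failure is reported with the same cause as a signature that actually failed to verify. The status change to INTEGRITY_FAIL matches the commit message, but consider selecting the cause string from rc, or including rc wherever cause is reported, so that someone triaging a denial can tell a configuration or resource problem from a tampered file.
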
-- 
1.7.7.6
