Date:	Fri, 15 Nov 2013 14:45:38 +0100
From:	Roberto Sassu <roberto.sassu@...ito.it>
To:	linux-security-module@...r.kernel.org
Cc:	linux-kernel@...r.kernel.org,
	linux-ima-devel@...ts.sourceforge.net, zohar@...ibm.com,
	d.kasatkin@...sung.com, james.l.morris@...cle.com,
	Roberto Sassu <roberto.sassu@...ito.it>
Subject: [PATCH 0/6] ima: fixes for the new template management mechanism

Hi everyone

this patch set fixes some issues in the new template management mechanism.
In particular, the first four patches are simple bug fixes, explained in the patch
description, while the last two restore the original IMA behavior when producing
a measurement entry with the old 'ima' template. With respect to the behavior
adopted for newly introduced templates ('ima-ng' and 'ima-sig'), where
the total template length and the field length are sent through the
'binary_runtime_measurements' interface and the latter information is included
in the calculation of the template digest, for the old 'ima' template it is
necessary to handle the following exceptions:

 - the event digest field length is NOT sent through the userspace interface
   and is NOT included in the template digest calculation;
 - the event name field length is sent through the userspace interface
   but is NOT included in the template digest calculation.


Regards

Roberto Sassu


Roberto Sassu (6):
  ima: change the default hash algorithm to SHA1 in
    ima_eventdigest_ng_init()
  ima: pass HASH_ALGO__LAST as hash algo in ima_eventdigest_init()
  ima: remove unneeded size_limit argument from
    ima_eventdigest_init_common()
  ima: check result of crypto_shash_update() in
    ima_calc_field_array_hash_tfm
  ima: do not include field length in template digest calc for ima
    template
  ima: do not send field length to userspace for digest of ima template

 security/integrity/ima/ima.h              |  6 ++++--
 security/integrity/ima/ima_api.c          |  1 +
 security/integrity/ima/ima_crypto.c       | 17 ++++++++++++-----
 security/integrity/ima/ima_fs.c           | 14 +++++++++++---
 security/integrity/ima/ima_template_lib.c | 24 +++++++++++++-----------
 5 files changed, 41 insertions(+), 21 deletions(-)

-- 
1.8.1.4
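
The field-length rules listed in the cover letter above, modelled as an added example (not code from the patch set or the kernel). The 32-bit little-endian length encoding, SHA-1 as the digest hash, the "digest"/"name" field labels and the sample values are assumptions; the total template length prefix and any other kernel-side detail are not modelled.

```python
import hashlib
import struct

OLD_TEMPLATE = "ima"  # old template named in the message

def len32(data: bytes) -> bytes:
    # Assumption: a field length is a 32-bit little-endian integer.
    return struct.pack("<I", len(data))

def digest_input(template, fields):
    """Bytes hashed into the template digest; fields = [(kind, data), ...]."""
    out = b""
    for _kind, data in fields:
        if template != OLD_TEMPLATE:
            out += len32(data)  # newer templates: the length is hashed too
        out += data             # 'ima': no field length is hashed
    return out

def userspace_fields(template, fields):
    """Per-field bytes as sent through binary_runtime_measurements."""
    out = b""
    for kind, data in fields:
        # 'ima': only the event digest goes out without its length.
        if not (template == OLD_TEMPLATE and kind == "digest"):
            out += len32(data)
        out += data
    return out

def template_digest(template, fields):
    # Assumption: SHA-1 as the template digest hash.
    return hashlib.sha1(digest_input(template, fields)).hexdigest()

# Constructed sample entry (not taken from a real measurement list).
SAMPLE = [("digest", bytes(range(20))), ("name", b"/usr/bin/example")]

if __name__ == "__main__":
    for tmpl in ("ima", "ima-ng"):
        print(tmpl, len(userspace_fields(tmpl, SAMPLE)), template_digest(tmpl, SAMPLE))
```

A verifier that recomputes template digests from the measurement list has to apply the same per-template rule, otherwise every 'ima' entry fails to match.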

