| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Nov 2013 22:24:57 +0200 From: Dmitry Kasatkin <d.kasatkin@...sung.com> To: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, viro@...iv.linux.org.uk, linux-security-module@...r.kernel.org, zohar@...ux.vnet.ibm.com, jmorris@...ei.org Cc: dmitry.kasatkin@...il.com, Dmitry Kasatkin <d.kasatkin@...sung.com> Subject: [PATCH 0/2] ima: directory integrity appraisal Hello, This patchset provides extension to IMA to protect appraisal of directories. Both IMA-appraisal and EVM protect the integrity of regular files. IMA protects file data integrity, while EVM protects the file meta-data integrity, such as file attributes and extended attributes. This patch set adds offline directory integrity protection. An inode itself does not have any file name associated with it. The association of the file name to inode is done via directory entries. On a running system, mandatory and/or discretionary access control prevent unprivileged file deletion, file name change, or hardlink creation. In an offline attack, without these protections, the association between a file name and an inode is unprotected. Files can be deleted, renamed or moved from one directory to another. In all of these cases, the integrity of the file data and metadata are good. To prevent such attacks, it is necessary to protect the integrity of the directory content. This patchset calculates a hash of the directory content and verify this hash against good reference value stored in 'security.ima' extended attribute. The directory hash is a hash over the list of directory entries, that includes name, ino, d_type. Initial idea how to calculate the directory hash was suggested by Jayant Mangalampalli (Intel). This patchset adds 2 new hooks for directory integrity protection: ima_dir_check() and ima_dir_update(). ima_dir_check() verifies the directory integrity during the initial path lookup, when the dentry is just being created and may block. It allocates the needed data structures and performs the integrity verification. The results of which are cached. Subsequent calls mostly happen under RCU locking, when the code may not block, and returns immediately with the cached verification status. So ima_dir_check() does not interrupt RCU path walk. ima_dir_update(), which is called from several places in namei.c when the directory content is changing, for updating the directory hash. - Dmitry Dmitry Kasatkin (2): ima: hooks for directory integrity protection ima: directory integrity protection implementation fs/namei.c | 42 ++++- fs/open.c | 6 + include/linux/ima.h | 23 +++ net/unix/af_unix.c | 2 + security/integrity/ima/Kconfig | 10 + security/integrity/ima/Makefile | 1 + security/integrity/ima/ima.h | 3 +- security/integrity/ima/ima_dir.c | 358 ++++++++++++++++++++++++++++++++++++ security/integrity/ima/ima_main.c | 3 + security/integrity/ima/ima_policy.c | 2 + 10 files changed, 446 insertions(+), 4 deletions(-) create mode 100644 security/integrity/ima/ima_dir.c -- 1.8.3.2 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists