lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20140929162347.GA12303@kroah.com>
Date:	Mon, 29 Sep 2014 12:23:47 -0400
From:	Greg KH <gregkh@...uxfoundation.org>
To:	Mimi Zohar <zohar@...ux.vnet.ibm.com>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	linux-ima-devel@...ts.sourceforge.net, dmitry.kasatkin@...il.com,
	linux-kernel <linux-kernel@...r.kernel.org>,
	Joe Perches <joe@...ches.com>,
	Andy Whitcroft <apw@...onical.com>
Subject: Re: [PATCH 1/4] evm: skip replacing EVM signature with HMAC on
 read-only filesystem

On Mon, Sep 29, 2014 at 12:14:31PM -0400, Mimi Zohar wrote:
> On Wed, 2014-09-24 at 15:07 +0300, Dmitry Kasatkin wrote: 
> > If filesystem is mounted read-only or file is immutable, updating
> > xattr will fail. This is a usual case during early boot until
> > filesystem is remount read-write. This patch verifies conditions
> > to skip unnecessary attempt to calculate HMAC and set xattr.
> > 
> > Signed-off-by: Dmitry Kasatkin <d.kasatkin@...sung.com>
> > ---
> >  security/integrity/evm/evm_main.c | 11 ++++++++---
> >  1 file changed, 8 insertions(+), 3 deletions(-)
> > 
> > diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
> > index 9685af3..a30be77 100644
> > --- a/security/integrity/evm/evm_main.c
> > +++ b/security/integrity/evm/evm_main.c
> > @@ -162,9 +162,14 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
> >  					(const char *)xattr_data, xattr_len,
> >  					calc.digest, sizeof(calc.digest));
> >  		if (!rc) {
> > -			/* we probably want to replace rsa with hmac here */
> > -			evm_update_evmxattr(dentry, xattr_name, xattr_value,
> > -				   xattr_value_len);
> > +			/* Replace RSA with HMAC if not mounted readonly and
> > +			 * not immutable
> > +			 */
> > +			if (!IS_RDONLY(dentry->d_inode) &&
> > +					!IS_IMMUTABLE(dentry->d_inode))
> 
> Previously patches conformed to Lindent, unless there was a valid reason
> not to use it, like conflicting with checkpatch.pl.  Joe Perches
> submitted a patch to remove it from the Documentation/CodingStyle a
> while ago -  https://lkml.org/lkml/2013/2/11/390 and recommends using
> "checkpatch.pl --fix" instead.
> 
> Andrew, Greg, what is the current best practice?

I don't understand, what is wrong with the formatting of this patch?  It
looks ok to me.  If you want to indent the second line of the if to the
left some more, that's fine, but just minor nits, nothing major at all.

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ