Date: Mon, 29 Sep 2014 12:35:29 -0400
From: Mimi Zohar <zohar@...ux.vnet.ibm.com>
To: Greg KH <gregkh@...uxfoundation.org>
Cc: Andrew Morton <akpm@...ux-foundation.org>, linux-ima-devel@...ts.sourceforge.net, dmitry.kasatkin@...il.com, linux-kernel <linux-kernel@...r.kernel.org>, Joe Perches <joe@...ches.com>, Andy Whitcroft <apw@...onical.com>
Subject: Re: [PATCH 1/4] evm: skip replacing EVM signature with HMAC on read-only filesystem

On Mon, 2014-09-29 at 12:23 -0400, Greg KH wrote:
> On Mon, Sep 29, 2014 at 12:14:31PM -0400, Mimi Zohar wrote:
> > On Wed, 2014-09-24 at 15:07 +0300, Dmitry Kasatkin wrote:
> > > If the filesystem is mounted read-only or the file is immutable, updating
> > > the xattr will fail. This is the usual case during early boot, until the
> > > filesystem is remounted read-write. This patch verifies the conditions
> > > to skip the unnecessary attempt to calculate the HMAC and set the xattr.
> > >
> > > Signed-off-by: Dmitry Kasatkin <d.kasatkin@...sung.com>
> > > ---
> > > security/integrity/evm/evm_main.c | 11 ++++++++---
> > > 1 file changed, 8 insertions(+), 3 deletions(-)
> > >
> > > diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
> > > index 9685af3..a30be77 100644
> > > --- a/security/integrity/evm/evm_main.c
> > > +++ b/security/integrity/evm/evm_main.c
> > > @@ -162,9 +162,14 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
> > > (const char *)xattr_data, xattr_len,
> > > calc.digest, sizeof(calc.digest));
> > > if (!rc) {
> > > - /* we probably want to replace rsa with hmac here */
> > > - evm_update_evmxattr(dentry, xattr_name, xattr_value,
> > > - xattr_value_len);
> > > + /* Replace RSA with HMAC if not mounted readonly and
> > > + * not immutable
> > > + */
> > > + if (!IS_RDONLY(dentry->d_inode) &&
> > > + !IS_IMMUTABLE(dentry->d_inode))
> >
> > Previously patches conformed to Lindent, unless there was a valid reason
> > not to use it, like conflicting with checkpatch.pl. Joe Perches
> > submitted a patch to remove it from the Documentation/CodingStyle a
> > while ago - https://lkml.org/lkml/2013/2/11/390 and recommends using
> > "checkpatch.pl --fix" instead.
> >
> > Andrew, Greg, what is the current best practice?
>
> I don't understand, what is wrong with the formatting of this patch? It
> looks ok to me. If you want to indent the second line of the if to the
> left some more, that's fine, but just minor nits, nothing major at all.

Right, scripts/Lindent is only about formatting, nothing major.

Mimi
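Review bot: the continuation line of the new condition, "+ !IS_IMMUTABLE(dentry->d_inode))", should be aligned under the opening parenthesis of the "if (" rather than indented by a further tab; this is the nit Greg points at, and checkpatch.pl --strict reports it as "Alignment should match open parenthesis". The three-line comment above it uses the "/* text" first-line form; the multi-line form Documentation/CodingStyle shows puts "/*" on a line of its own with the text starting on the next line, so "/*\n * Replace RSA with HMAC if not mounted readonly and not immutable\n */" would match the rest of the file. More importantly, the new comment only restates the condition, whereas the comment it removes ("we probably want to replace rsa with hmac here") recorded the intent: the reason for the guard, that the xattr update would fail on a read-only mount or an immutable inode as the commit message says, belongs in the comment too, so that a later reader does not mistake the check for a removable optimisation and drop it.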