lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20190503222523.6294-1-prsriva02@gmail.com>
Date:   Fri,  3 May 2019 15:25:18 -0700
From:   Prakhar Srivastava <prsriva02@...il.com>
To:     linux-integrity@...r.kernel.org,
        linux-secuirty-module@...r.kernel.org, linux-kernel@...r.kernel.org
Cc:     zohar@...ux.ibm.com, ebiederm@...ssion.com, vgoyal@...hat.com,
        nayna@...ux.ibm.com, nramas@...rosoft.com, prsriva@...rosoft.com,
        Prakhar Srivastava <prsriva02@...il.com>
Subject: [PATCH 0/5 v4] Kexec cmdline bufffer measure

From: Prakhar Srivastava <prsriva02@...il.com>

For Kexec scenario(kexec_file_load) cmdline args are passed to the
next kerenel. These cmldine args used to load the next kernel can 
have undesired/unwanted configs. To guard against any unwanted cmdline
args being passed to the next kernel. The current kernel should measure
the cmdline args to the next kernel, the same takes place in the EFI
bootloader. Thus on kexec the boot_aggregate does not change.

Currently the cmdline args are not measured, this changeset adds a new
ima and LSM hook for buffer measure and calls into the same to measure
the cmdline args passed to the next kernel.The cdmline args meassured
can then be used as an attestation criteria.

The ima logs need to injected into the next kernel, which will be followed
up by other patchsets.


Changelog:
v4:
  - per feedback from LSM community, removed the LSM hook and renamed the
    IMA policy to KEXEC_CMDLINE[Suggested by: Mimi Zohar]

v3: (rebase changes to next-general)
  - Add policy checks for buffer[suggested by Mimi Zohar]
  - use the IMA_XATTR to add buffer
  - Add kexec_cmdline used for kexec file load
  - Add an LSM hook to allow usage by other LSM.[suggestd by Mimi Zohar]

v2:
  - Add policy checks for buffer[suggested by Mimi Zohar]
  - Add an LSM hook to allow usage by other LSM.[suggestd by Mimi Zohar]
  - use the IMA_XATTR to add buffer instead of sig template

v1:
  -Add kconfigs to control the ima_buffer_check
  -measure the cmdline args suffixed with the kernel file name
  -add the buffer to the template sig field.

Prakhar Srivastava (5):
  added a new ima policy func buffer_check, and ima hook to measure the
    buffer hash into ima
  add the buffer to the xattr
  add kexec_cmdline used to ima
  added LSM hook to call ima_buffer_check
  removed the LSM hook made available, and renamed the ima_policy to be
    KEXEC_CMDLINE

 Documentation/ABI/testing/ima_policy      |   1 +
 include/linux/ima.h                       |   3 +
 include/linux/security.h                  |   2 +
 kernel/kexec_core.c                       |   2 +-
 kernel/kexec_file.c                       |   4 +
 kernel/kexec_internal.h                   |   4 +-
 security/integrity/ima/ima.h              |   1 +
 security/integrity/ima/ima_api.c          |   1 +
 security/integrity/ima/ima_main.c         | 115 ++++++++++++++++++++++
 security/integrity/ima/ima_policy.c       |   8 ++
 security/integrity/ima/ima_template_lib.c |   3 +-
 security/integrity/integrity.h            |   1 +
 12 files changed, 142 insertions(+), 3 deletions(-)

-- 
2.20.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ