Date: Mon, 13 May 2019 22:07:08 -0700
From: prakhar srivastava <prsriva02@...il.com>
To: Roberto Sassu <roberto.sassu@...wei.com>
Cc: linux-integrity@...r.kernel.org, inux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org, Mimi Zohar <zohar@...ux.ibm.com>, ebiederm@...ssion.com, vgoyal@...hat.com, Prakhar Srivastava <prsriva@...rosoft.com>
Subject: Re: [PATCH 2/3 v5] add a new template field buf to contain the buffer

On Mon, May 13, 2019 at 6:48 AM Roberto Sassu <roberto.sassu@...wei.com> wrote:
>
> On 5/11/2019 12:37 AM, Prakhar Srivastava wrote:
> > From: Prakhar Srivastava <prsriva02@...il.com>
> >
> > The buffer(cmdline args) added to the ima log cannot be attested
> > without having the actual buffer. Thus to make the measured buffer
> > available to store/read a new ima template (buf) is added.
>
> Hi Prakhar
>
> please fix the typos. More comments below.
>
>
> > + buffer_event_data->type = IMA_XATTR_BUFFER;
> > + buffer_event_data->buf_length = size;
> > + memcpy(buffer_event_data->buf, buf, size);
> > +
> > + event_data.xattr_value = (struct evm_ima_xattr_data *)buffer_event_data;
> > + event_data.xattr_len = alloc_length;
>
> I would prefer that you introduce two new fields in the ima_event_data
> structure. You can initialize them directly with the parameters of
> process_buffer_measurement().
I will make the edits, this will definitely save the kzalloc in this code path.

> ima_write_template_field_data() will make
> a copy.
>
Since event_data->type is used to distinguish what the template field should contain,
removing the type and subsequent check in the template_init, buf template fmt
will result in the whole event_data structure being added to the log, which is
not the expected output.
For buffer entries, the buf template fmt will contain the buffer itself.

>
> > + .field_show = ima_show_template_buf},
>
> Please update Documentation/security/IMA-templates.rst
Will update the documentation.
Thanks,
Prakhar Srivastava
>
> Thanks
>
> Roberto
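Review bot: in the first quoted hunk, the bound for the `memcpy(buffer_event_data->buf, buf, size)` is implicit: `buf_length` is set to `size` while `xattr_len` is set to `alloc_length`, and nothing in the visible lines shows that `alloc_length` was computed as the header size plus `size`, so the copy is only safe by convention established elsewhere. If the two-new-fields approach suggested in the reply is not taken, consider computing `alloc_length` right next to the copy, or checking `alloc_length >= sizeof(*buffer_event_data) + size` before the `memcpy`, so the bound is enforced where it matters. The cast `(struct evm_ima_xattr_data *)buffer_event_data` also relies on the two structures sharing the same leading `type` field; a short comment stating that layout assumption would help future readers of this code path.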