| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 30 May 2019 07:53:51 -0400
From: Mimi Zohar <zohar@...ux.ibm.com>
To: Roberto Sassu <roberto.sassu@...wei.com>,
dmitry.kasatkin@...wei.com, mjg59@...gle.com
Cc: linux-integrity@...r.kernel.org,
linux-security-module@...r.kernel.org, linux-doc@...r.kernel.org,
linux-kernel@...r.kernel.org, silviu.vlasceanu@...wei.com,
stable@...r.kernel.org
Subject: Re: [PATCH v2 3/3] ima: show rules with IMA_INMASK correctly
On Wed, 2019-05-29 at 15:30 +0200, Roberto Sassu wrote:
> Show the '^' character when a policy rule has flag IMA_INMASK.
>
> Fixes: 80eae209d63ac ("IMA: allow reading back the current IMA policy")
> Signed-off-by: Roberto Sassu <roberto.sassu@...wei.com>
> Cc: stable@...r.kernel.org
Thanks, queued.
> ---
> security/integrity/ima/ima_policy.c | 21 ++++++++++++---------
> 1 file changed, 12 insertions(+), 9 deletions(-)
>
> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
> index e0cc323f948f..ae4034f041c4 100644
> --- a/security/integrity/ima/ima_policy.c
> +++ b/security/integrity/ima/ima_policy.c
> @@ -1146,10 +1146,10 @@ enum {
> };
>
> static const char *const mask_tokens[] = {
> - "MAY_EXEC",
> - "MAY_WRITE",
> - "MAY_READ",
> - "MAY_APPEND"
> + "^MAY_EXEC",
> + "^MAY_WRITE",
> + "^MAY_READ",
> + "^MAY_APPEND"
> };
>
> #define __ima_hook_stringify(str) (#str),
> @@ -1209,6 +1209,7 @@ int ima_policy_show(struct seq_file *m, void *v)
> struct ima_rule_entry *entry = v;
> int i;
> char tbuf[64] = {0,};
> + int offset = 0;
>
> rcu_read_lock();
>
> @@ -1232,15 +1233,17 @@ int ima_policy_show(struct seq_file *m, void *v)
> if (entry->flags & IMA_FUNC)
> policy_func_show(m, entry->func);
>
> - if (entry->flags & IMA_MASK) {
> + if ((entry->flags & IMA_MASK) || (entry->flags & IMA_INMASK)) {
> + if (entry->flags & IMA_MASK)
> + offset = 1;
> if (entry->mask & MAY_EXEC)
> - seq_printf(m, pt(Opt_mask), mt(mask_exec));
> + seq_printf(m, pt(Opt_mask), mt(mask_exec) + offset);
> if (entry->mask & MAY_WRITE)
> - seq_printf(m, pt(Opt_mask), mt(mask_write));
> + seq_printf(m, pt(Opt_mask), mt(mask_write) + offset);
> if (entry->mask & MAY_READ)
> - seq_printf(m, pt(Opt_mask), mt(mask_read));
> + seq_printf(m, pt(Opt_mask), mt(mask_read) + offset);
> if (entry->mask & MAY_APPEND)
> - seq_printf(m, pt(Opt_mask), mt(mask_append));
> + seq_printf(m, pt(Opt_mask), mt(mask_append) + offset);
> seq_puts(m, " ");
> }
>
Powered by blists - more mailing lists