lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 6 Jun 2019 13:43:58 +0200
From:   Roberto Sassu <roberto.sassu@...wei.com>
To:     <zohar@...ux.ibm.com>, <dmitry.kasatkin@...wei.com>,
        <mjg59@...gle.com>
CC:     <linux-integrity@...r.kernel.org>,
        <linux-security-module@...r.kernel.org>,
        <linux-doc@...r.kernel.org>, <stable@...r.kernel.org>,
        <linux-kernel@...r.kernel.org>, <silviu.vlasceanu@...wei.com>
Subject: Re: [PATCH v3 0/2] ima/evm fixes for v5.2

On 6/6/2019 1:26 PM, Roberto Sassu wrote:
> Previous versions included the patch 'ima: don't ignore INTEGRITY_UNKNOWN
> EVM status'. However, I realized that this patch cannot be accepted alone
> because IMA-Appraisal would deny access to new files created during the
> boot. With the current behavior, those files are accessible because they
> have a valid security.ima (not protected by EVM) created after the first
> write.
> 
> A solution for this problem is to initialize EVM very early with a random
> key. Access to created files will be granted, even with the strict
> appraisal, because after the first write those files will have both
> security.ima and security.evm (HMAC calculated with the random key).
> 
> Strict appraisal will work only if it is done with signatures until the
> persistent HMAC key is loaded.

Changelog

v2:
- remove patch 1/3 (evm: check hash algorithm passed to init_desc());
   already accepted
- remove patch 3/3 (ima: show rules with IMA_INMASK correctly);
   already accepted
- add new patch (evm: add option to set a random HMAC key at early boot)
- patch 2/3: modify patch description

v1:
- remove patch 2/4 (evm: reset status in evm_inode_post_setattr()); file
   attributes cannot be set if the signature is portable and immutable
- patch 3/4: add __ro_after_init to ima_appraise_req_evm variable
   declaration
- patch 3/4: remove ima_appraise_req_evm kernel option and introduce
   'enforce-evm' and 'log-evm' as possible values for ima_appraise=
- remove patch 4/4 (ima: only audit failed appraisal verifications)
- add new patch (ima: show rules with IMA_INMASK correctly)


> Roberto Sassu (2):
>    evm: add option to set a random HMAC key at early boot
>    ima: add enforce-evm and log-evm modes to strictly check EVM status
> 
>   .../admin-guide/kernel-parameters.txt         | 11 ++--
>   security/integrity/evm/evm.h                  | 10 +++-
>   security/integrity/evm/evm_crypto.c           | 57 ++++++++++++++++---
>   security/integrity/evm/evm_main.c             | 41 ++++++++++---
>   security/integrity/ima/ima_appraise.c         |  8 +++
>   security/integrity/integrity.h                |  1 +
>   6 files changed, 106 insertions(+), 22 deletions(-)
> 

-- 
HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Bo PENG, Jian LI, Yanli SHI

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ