| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <d20f3ea6f2fe425bb8234b1bd5a2f6a9@huawei.com>
Date: Wed, 22 Apr 2020 15:39:18 +0000
From: Roberto Sassu <roberto.sassu@...wei.com>
To: Mimi Zohar <zohar@...ux.ibm.com>
CC: "linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>,
"linux-security-module@...r.kernel.org"
<linux-security-module@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Krzysztof Struczynski <krzysztof.struczynski@...wei.com>,
Silviu Vlasceanu <Silviu.Vlasceanu@...wei.com>,
"stable@...r.kernel.org" <stable@...r.kernel.org>,
Goldwyn Rodrigues <rgoldwyn@...e.com>
Subject: RE: [PATCH 1/5] ima: Set file->f_mode instead of file->f_flags in
ima_calc_file_hash()
> -----Original Message-----
> From: linux-integrity-owner@...r.kernel.org [mailto:linux-integrity-
> owner@...r.kernel.org] On Behalf Of Mimi Zohar
> Sent: Wednesday, April 22, 2020 2:03 PM
> To: Roberto Sassu <roberto.sassu@...wei.com>
> Cc: linux-integrity@...r.kernel.org; linux-security-module@...r.kernel.org;
> linux-kernel@...r.kernel.org; Krzysztof Struczynski
> <krzysztof.struczynski@...wei.com>; Silviu Vlasceanu
> <Silviu.Vlasceanu@...wei.com>; stable@...r.kernel.org; Goldwyn
> Rodrigues <rgoldwyn@...e.com>
> Subject: Re: [PATCH 1/5] ima: Set file->f_mode instead of file->f_flags in
> ima_calc_file_hash()
>
> [CC'ing Goldwyn Rodrigues]
>
> Hi Roberto,
>
> On Wed, 2020-03-25 at 17:11 +0100, Roberto Sassu wrote:
> > Commit a408e4a86b36 ("ima: open a new file instance if no read
> > permissions") tries to create a new file descriptor to calculate a file
> > digest if the file has not been opened with O_RDONLY flag. However, if a
> > new file descriptor cannot be obtained, it sets the FMODE_READ flag to
> > file->f_flags instead of file->f_mode.
> >
> > This patch fixes this issue by replacing f_flags with f_mode as it was
> > before that commit.
> >
> > Cc: stable@...r.kernel.org # 4.20.x
> > Fixes: a408e4a86b36 ("ima: open a new file instance if no read
> permissions")
> > Signed-off-by: Roberto Sassu <roberto.sassu@...wei.com>
> > ---
> > security/integrity/ima/ima_crypto.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/security/integrity/ima/ima_crypto.c
> b/security/integrity/ima/ima_crypto.c
> > index 423c84f95a14..8ab17aa867dd 100644
> > --- a/security/integrity/ima/ima_crypto.c
> > +++ b/security/integrity/ima/ima_crypto.c
> > @@ -436,7 +436,7 @@ int ima_calc_file_hash(struct file *file, struct
> ima_digest_data *hash)
> > */
>
> Thanks, Roberto. The comment above here and the rest of the code
> refers to flags. Both should be updated as well to reflect using
> f_mode.
>
> > pr_info_ratelimited("Unable to reopen file for
> reading.\n");
> > f = file;
> > - f->f_flags |= FMODE_READ;
> > + f->f_mode |= FMODE_READ;
> > modified_flags = true;
>
> The variable should be changed to "modified_mode".
Ok. I will send a new version of the patch.
Thanks
Roberto
HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Li Peng, Li Jian, Shi Yanli
> > } else {
> > new_file_instance = true;
> > @@ -456,7 +456,7 @@ int ima_calc_file_hash(struct file *file, struct
> ima_digest_data *hash)
> > if (new_file_instance)
> > fput(f);
> > else if (modified_flags)
> > - f->f_flags &= ~FMODE_READ;
> > + f->f_mode &= ~FMODE_READ;
> > return rc;
> > }
> >
Powered by blists - more mailing lists