[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3183edb20e3a84c29be6f3e3b459bf51c3355b6b.camel@linux.ibm.com>
Date: Wed, 16 Sep 2020 12:15:18 -0400
From: Mimi Zohar <zohar@...ux.ibm.com>
To: Roberto Sassu <roberto.sassu@...wei.com>, mjg59@...gle.com
Cc: linux-integrity@...r.kernel.org,
linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org, silviu.vlasceanu@...wei.com,
stable@...r.kernel.org
Subject: Re: [PATCH v2 04/12] evm: Execute evm_inode_init_security() only
when the HMAC key is loaded
Hi Roberto,
On Fri, 2020-09-04 at 11:23 +0200, Roberto Sassu wrote:
> evm_inode_init_security() requires the HMAC key to calculate the HMAC on
> initial xattrs provided by LSMs. Unfortunately, with the evm_key_loaded()
> check, the function continues even if the HMAC key is not loaded
> (evm_key_loaded() returns true also if EVM has been initialized only with a
> public key). If the HMAC key is not loaded, evm_inode_init_security()
> returns an error later when it calls evm_init_hmac().
This is all true, but the context for why it wasn't an issue previously
is missing.
The original usecase for allowing signature verificaton prior to
loading the HMAC key was a fully signed, possibly immutable, initrd.
No new files were created or, at least, were in policy until the HMAC
key was loaded. More recently support for requiring an EVM HMAC key
was removed. Files having a portable and immutable signature were
given additional privileges.
Please update the patch description with the context of what has
changed.
Mimi
Powered by blists - more mailing lists