lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <3c628dc54804469597a72d03c33e8315@huawei.com>
Date:   Fri, 4 Dec 2020 08:05:05 +0000
From:   Roberto Sassu <roberto.sassu@...wei.com>
To:     Mimi Zohar <zohar@...ux.ibm.com>,
        "mjg59@...gle.com" <mjg59@...gle.com>
CC:     "linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>,
        "linux-security-module@...r.kernel.org" 
        <linux-security-module@...r.kernel.org>,
        "linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Silviu Vlasceanu <Silviu.Vlasceanu@...wei.com>
Subject: RE: [PATCH v3 06/11] evm: Ignore INTEGRITY_NOLABEL if no HMAC key is
 loaded

> From: Mimi Zohar [mailto:zohar@...ux.ibm.com]
> Sent: Thursday, December 3, 2020 9:43 PM
> Hi Roberto,
> 
> On Wed, 2020-11-11 at 10:22 +0100, Roberto Sassu wrote:
> > When a file is being created, LSMs can set the initial label with the
> > inode_init_security hook. If no HMAC key is loaded, the new file will have
> > LSM xattrs but not the HMAC.
> >
> > Unfortunately, EVM will deny any further metadata operation on new
> files,
> > as evm_protect_xattr() will always return the INTEGRITY_NOLABEL error.
> This
> > would limit the usability of EVM when only a public key is loaded, as
> > commands such as cp or tar with the option to preserve xattrs won't work.
> >
> > Ignoring this error won't be an issue if no HMAC key is loaded, as the
> > inode is locked until the post hook, and EVM won't calculate the HMAC on
> > metadata that wasn't previously verified. Thus this patch checks if an
> > HMAC key is loaded and if not, ignores INTEGRITY_NOLABEL.
> 
> I'm not sure what problem this patch is trying to solve.
> evm_protect_xattr() is only called by evm_inode_setxattr() and
> evm_inode_removexattr(), which first checks whether
> EVM_ALLOW_METADATA_WRITES is enabled.

The idea is to also support EVM verification when only a public key
is loaded. An advantage to do that is that for example we can prevent
accidental metadata changes when the signature is portable.

Roberto

HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Li Peng, Li Jian, Shi Yanli

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ