lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <46ce17543ea05839467fab8865826a0492e8632b.camel@linux.ibm.com>
Date:   Mon, 21 Jun 2021 09:25:40 -0400
From:   Mimi Zohar <zohar@...ux.ibm.com>
To:     Roberto Sassu <roberto.sassu@...wei.com>, paul@...l-moore.com,
        stephen.smalley.work@...il.com, casey@...aufler-ca.com,
        stefanb@...ux.ibm.com
Cc:     linux-integrity@...r.kernel.org,
        linux-security-module@...r.kernel.org,
        linux-kernel@...r.kernel.org, selinux@...r.kernel.org
Subject: Re: [PATCH v2] evm: Check xattr size discrepancy between kernel and
 user

On Mon, 2021-06-21 at 14:29 +0200, Roberto Sassu wrote:
> The kernel and the user obtain an xattr value in two different ways:
> 
> kernel (EVM): uses vfs_getxattr_alloc() which obtains the xattr value from
>               the filesystem handler (raw value);
> 
> user (ima-evm-utils): uses vfs_getxattr() which obtains the xattr value
>                       from the LSMs (normalized value).
> 
> Normally, this does not have an impact unless security.selinux is set with
> setfattr, with a value not terminated by '\0' (this is not the recommended
> way, security.selinux should be set with the appropriate tools such as
> chcon and restorecon).
> 
> In this case, the kernel and the user see two different xattr values: the
> former sees the xattr value without '\0' (raw value), the latter sees the
> value with '\0' (value normalized by SELinux).
> 
> This could result in two different verification outcomes from EVM and
> ima-evm-utils, if a signature was calculated with a security.selinux value
> terminated by '\0' and the value set in the filesystem is not terminated by
> '\0'. The former would report verification failure due to the missing '\0',
> while the latter would report verification success (because it gets the
> normalized value with '\0').
> 
> This patch mitigates this issue by comparing in evm_calc_hmac_or_hash() the
> size of the xattr returned by the two xattr functions and by warning the
> user if there is a discrepancy.
> 
> Signed-off-by: Roberto Sassu <roberto.sassu@...wei.com>
> Suggested-by: Mimi Zohar <zohar@...ux.ibm.com>

Thanks, Roberto.

Applied to: git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-
integrity.git next-integrity-testing branch.

Mimi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ