| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 1 Jul 2021 09:01:06 -0700
From: Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>
To: Roberto Sassu <roberto.sassu@...wei.com>, zohar@...ux.ibm.com,
paul@...l-moore.com
Cc: stephen.smalley.work@...il.com, prsriva02@...il.com,
tusharsu@...ux.microsoft.com, linux-integrity@...r.kernel.org,
linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org, selinux@...r.kernel.org
Subject: Re: [PATCH v2 1/3] ima: Introduce ima_get_current_hash_algo()
On 7/1/2021 5:55 AM, Roberto Sassu wrote:
> This patch introduces the new function ima_get_current_hash_algo(), that
> callers in the other kernel subsystems might use to obtain the hash
> algorithm selected by IMA.
>
> Its primary use will be to determine which algorithm has been used to
> calculate the digest written by ima_measure_critical_data() to the location
> passed as a new parameter (in a subsequent patch). >
> Since the hash algorithm does not change after the IMA setup phase, there
> is no risk of races (obtaining a digest calculated with a different
> algorithm than the one returned).
Reviewed-by: Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>
-lakshmi
> Signed-off-by: Roberto Sassu <roberto.sassu@...wei.com>
> ---
> include/linux/ima.h | 7 +++++++
> security/integrity/ima/ima_main.c | 5 +++++
> 2 files changed, 12 insertions(+)
>
> diff --git a/include/linux/ima.h b/include/linux/ima.h
> index 61d5723ec303..81e830d01ced 100644
> --- a/include/linux/ima.h
> +++ b/include/linux/ima.h
> @@ -11,9 +11,11 @@
> #include <linux/fs.h>
> #include <linux/security.h>
> #include <linux/kexec.h>
> +#include <crypto/hash_info.h>
> struct linux_binprm;
>
> #ifdef CONFIG_IMA
> +extern enum hash_algo ima_get_current_hash_algo(void);
> extern int ima_bprm_check(struct linux_binprm *bprm);
> extern int ima_file_check(struct file *file, int mask);
> extern void ima_post_create_tmpfile(struct user_namespace *mnt_userns,
> @@ -64,6 +66,11 @@ static inline const char * const *arch_get_ima_policy(void)
> #endif
>
> #else
> +static inline enum hash_algo ima_get_current_hash_algo(void)
> +{
> + return HASH_ALGO__LAST;
> +}
> +
> static inline int ima_bprm_check(struct linux_binprm *bprm)
> {
> return 0;
> diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
> index 287b90509006..8ef1fa357e0c 100644
> --- a/security/integrity/ima/ima_main.c
> +++ b/security/integrity/ima/ima_main.c
> @@ -76,6 +76,11 @@ static int __init hash_setup(char *str)
> }
> __setup("ima_hash=", hash_setup);
>
> +enum hash_algo ima_get_current_hash_algo(void)
> +{
> + return ima_hash_algo;
> +}
> +
> /* Prevent mmap'ing a file execute that is already mmap'ed write */
> static int mmap_violation_check(enum ima_hooks func, struct file *file,
> char **pathbuf, const char **pathname,
>
Powered by blists - more mailing lists