lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20211108170100.148066-1-zohar@linux.ibm.com>
Date:   Mon,  8 Nov 2021 12:01:00 -0500
From:   Mimi Zohar <zohar@...ux.ibm.com>
To:     linux-integrity@...r.kernel.org
Cc:     Mimi Zohar <zohar@...ux.ibm.com>,
        Miklos Szeredi <miklos@...redi.hu>,
        Amir Goldstein <amir73il@...il.com>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-unionfs@...r.kernel.org
Subject: [RFC PATCH] ima: differentiate overlay, pivot_root, and other pathnames

Relative file pathnames are included in the IMA measurement list making
it difficult to differentiate files.  Permit replacing the relative
pathname with the (raw) full pathname in the measurement list.

Define a new module param named "ima.rawpath".

Signed-off-by: Mimi Zohar <zohar@...ux.ibm.com>
---
comment: this change does not address the simple "unshare -m" case
without pivot_root.

 .../admin-guide/kernel-parameters.txt          |  7 +++++++
 security/integrity/ima/ima_api.c               | 18 +++++++++++++++++-
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 91ba391f9b32..d49a5edcd3c3 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -1890,6 +1890,13 @@
 			different crypto accelerators. This option can be used
 			to achieve best performance for particular HW.
 
+	ima.rawpath=	[IMA]
+			Format: <bool>
+			Default: 0
+			This parameter controls whether the IMA measurement
+			list contains the relative or raw full file pathnames
+			in the IMA measurement list.
+
 	init=		[KNL]
 			Format: <full_path>
 			Run specified binary instead of /sbin/init as init
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index a64fb0130b01..42c6ff7056e6 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -9,14 +9,19 @@
  *	appraise_measurement, store_measurement and store_template.
  */
 #include <linux/slab.h>
+#include <linux/moduleparam.h>
 #include <linux/file.h>
 #include <linux/fs.h>
+#include <linux/fs_struct.h>
 #include <linux/xattr.h>
 #include <linux/evm.h>
 #include <linux/iversion.h>
 
 #include "ima.h"
 
+static bool rawpath_enabled;
+module_param_named(rawpath, rawpath_enabled, bool, 0);
+
 /*
  * ima_free_template_entry - free an existing template entry
  */
@@ -390,11 +395,22 @@ void ima_audit_measurement(struct integrity_iint_cache *iint,
  */
 const char *ima_d_path(const struct path *path, char **pathbuf, char *namebuf)
 {
+	struct dentry *dentry = NULL;
 	char *pathname = NULL;
 
 	*pathbuf = __getname();
 	if (*pathbuf) {
-		pathname = d_absolute_path(path, *pathbuf, PATH_MAX);
+		if (!rawpath_enabled) {
+			pathname = d_absolute_path(path, *pathbuf, PATH_MAX);
+		} else {
+			/* Use union/overlay full pathname */
+			if (unlikely(path->dentry->d_flags & DCACHE_OP_REAL))
+				dentry = d_real(path->dentry, NULL);
+			else
+				dentry = path->dentry;
+			pathname = dentry_path_raw(dentry, *pathbuf, PATH_MAX);
+		}
+
 		if (IS_ERR(pathname)) {
 			__putname(*pathbuf);
 			*pathbuf = NULL;
-- 
2.27.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ