Message-ID: <d6c331029bb47fa7a4e574a66b28cf7c96edd5b0.camel@huaweicloud.com>
Date:   Fri, 03 Feb 2023 09:21:16 +0100
From:   Roberto Sassu <roberto.sassu@...weicloud.com>
To:     Mimi Zohar <zohar@...ux.ibm.com>, dmitry.kasatkin@...il.com,
        jmorris@...ei.org, serge@...lyn.com
Cc:     linux-integrity@...r.kernel.org,
        linux-security-module@...r.kernel.org,
        linux-kernel@...r.kernel.org, stefanb@...ux.ibm.com,
        viro@...iv.linux.org.uk, pvorel@...e.cz,
        Roberto Sassu <roberto.sassu@...wei.com>
Subject: Re: [PATCH ima-evm-utils v4] Add tests for MMAP_CHECK and
 MMAP_CHECK_REQPROT hooks

On Thu, 2023-02-02 at 15:40 -0500, Mimi Zohar wrote:
> On Thu, 2023-02-02 at 17:23 +0100, Roberto Sassu wrote:
> > > > +   if (ptr == MAP_FAILED) {
> > > > +           ret = ERR_SETUP;
> > > > +           if (argv[2] && !strcmp(argv[2], "exec_on_writable") &&
> > > > +               errno == EACCES)
> > > > +                   ret = ERR_TEST;
> > > > +
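Review bot: the MAP_FAILED branch in the lines shown here picks between ERR_SETUP and ERR_TEST without reporting errno, so an mmap() failure other than the expected EACCES for "exec_on_writable" reaches the test script only as a bare exit status. Consider printing the file path and strerror(errno) in this branch before setting ret, so that a setup failure can be told apart from a policy denial in the test log.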
> > > 
> > > FYI, on an older distro kernel, the mmap fails and results in the following
> > > without any explanation.
> > > 
> > > Test: check_mmap (hook="MMAP_CHECK", test_mmap arg: "exec")
> > > Unexpected exit status 1 from test_mmap
> > > 
> > > With some additional debugging, I'm seeing:
> > > Failed mmap() /tmp/tmp.4gD2UjSvC4/tmp.PlzUEm09hO, err: -13 (Permission
> > > denied)b
> > 
> > Uhm, ok. Which kernel is failing?
> 
> I'm able to reproduce the error on a next-integrity or next-integrity-
> testing kernel, by running the tests multiple times.  The error doesn't
> occur the first time running the test, but subsequent times.

Oops, yes. The problem was that the fowners of the measure and appraise
rules were shared. That will not work unless the files used in the measure
tests are signed too.

Roberto
