kernel/linux.git/security/integrity/evm, branch linux-4.20.y

security/integrity: constify some read-only data

2018-10-10T16:56:15+00:00

Constify some static data that is never modified, so that it is placed in .rodata. Signed-off-by: Eric Biggers Signed-off-by: Mimi Zohar

EVM: fix return value check in evm_write_xattrs()

2018-07-22T18:49:11+00:00

In case of error, the function audit_log_start() returns NULL pointer not ERR_PTR(). The IS_ERR() test in the return value check should be replaced with NULL test. Fixes: fa516b66a1bf ("EVM: Allow runtime modification of the set of verified xattrs") Signed-off-by: Wei Yongjun Acked-by: Serge Hallyn Signed-off-by: Mimi Zohar

evm: Allow non-SHA1 digital signatures

2018-07-18T11:27:22+00:00

SHA1 is reasonable in HMAC constructs, but it's desirable to be able to use stronger hashes in digital signatures. Modify the EVM crypto code so the hash type is imported from the digital signature and passed down to the hash calculation code, and return the digest size to higher layers for validation. Signed-off-by: Matthew Garrett Signed-off-by: Mimi Zohar

evm: Don't deadlock if a crypto algorithm is unavailable

2018-07-18T11:27:22+00:00

When EVM attempts to appraise a file signed with a crypto algorithm the kernel doesn't have support for, it will cause the kernel to trigger a module load. If the EVM policy includes appraisal of kernel modules this will in turn call back into EVM - since EVM is holding a lock until the crypto initialisation is complete, this triggers a deadlock. Add a CRYPTO_NOLOAD flag and skip module loading if it's set, and add that flag in the EVM case in order to fail gracefully with an error message instead of deadlocking. Signed-off-by: Matthew Garrett Acked-by: Herbert Xu Signed-off-by: Mimi Zohar

Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

2018-06-07T22:40:37+00:00

Pull integrity updates from James Morris: "From Mimi: - add run time support for specifying additional security xattrs included in the security.evm HMAC/signature - some code clean up and bug fixes" * 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: EVM: unlock on error path in evm_read_xattrs() EVM: prevent array underflow in evm_write_xattrs() EVM: Fix null dereference on xattr when xattr fails to allocate EVM: fix memory leak of temporary buffer 'temp' IMA: use list_splice_tail_init_rcu() instead of its open coded variant ima: use match_string() helper ima: fix updating the ima_appraise flag ima: based on policy verify firmware signatures (pre-allocated buffer) ima: define a new policy condition based on the filesystem name EVM: Allow runtime modification of the set of verified xattrs EVM: turn evm_config_xattrnames into a list integrity: Add an integrity directory in securityfs ima: Remove unused variable ima_initialized ima: Unify logging ima: Reflect correct permissions for policy

EVM: unlock on error path in evm_read_xattrs()

2018-06-01T10:03:08+00:00

We need to unlock before returning on this error path. Fixes: fa516b66a1bf ("EVM: Allow runtime modification of the set of verified xattrs") Signed-off-by: Dan Carpenter Signed-off-by: Mimi Zohar

EVM: prevent array underflow in evm_write_xattrs()

2018-05-31T14:13:24+00:00

If the user sets xattr->name[0] to NUL then we would read one character before the start of the array. This bug seems harmless as far as I can see but perhaps it would trigger a warning in KASAN. Fixes: fa516b66a1bf ("EVM: Allow runtime modification of the set of verified xattrs") Signed-off-by: Dan Carpenter Signed-off-by: Mimi Zohar

EVM: Fix null dereference on xattr when xattr fails to allocate

2018-05-31T14:13:23+00:00

In the case where the allocation of xattr fails and xattr is NULL, the error exit return path via label 'out' will dereference xattr when kfree'ing xattr-name. Fix this by only kfree'ing xattr->name and xattr when xattr is non-null. Detected by CoverityScan, CID#1469366 ("Dereference after null check") Fixes: fa516b66a1bf ("EVM: Allow runtime modification of the set of verified xattrs") Signed-off-by: Colin Ian King Signed-off-by: Mimi Zohar

EVM: fix memory leak of temporary buffer 'temp'

2018-05-31T14:13:22+00:00

The allocation of 'temp' is not kfree'd and hence there is a memory leak on each call of evm_read_xattrs. Fix this by kfree'ing it after copying data from it back to the user space buffer 'buf'. Detected by CoverityScan, CID#1469386 ("Resource Leak") Fixes: fa516b66a1bf ("EVM: Allow runtime modification of the set of verified xattrs") Signed-off-by: Colin Ian King Signed-off-by: Mimi Zohar

EVM: Allow runtime modification of the set of verified xattrs

2018-05-18T19:34:45+00:00

Sites may wish to provide additional metadata alongside files in order to make more fine-grained security decisions[1]. The security of this is enhanced if this metadata is protected, something that EVM makes possible. However, the kernel cannot know about the set of extended attributes that local admins may wish to protect, and hardcoding this policy in the kernel makes it difficult to change over time and less convenient for distributions to enable. This patch adds a new /sys/kernel/security/integrity/evm/evm_xattrs node, which can be read to obtain the current set of EVM-protected extended attributes or written to in order to add new entries. Extending this list will not change the validity of any existing signatures provided that the file in question does not have any of the additional extended attributes - missing xattrs are skipped when calculating the EVM hash. [1] For instance, a package manager could install information about the package uploader in an additional extended attribute. Local LSM policy could then be associated with that extended attribute in order to restrict the privileges available to packages from less trusted uploaders. Signed-off-by: Matthew Garrett Reviewed-by: James Morris Signed-off-by: Mimi Zohar