diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2013-01-07 19:37:36 +0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2013-01-07 19:37:36 +0400 |
| commit | 7991b03d653865e4de7e6c056f85c004f542dbbe (patch) | |
| tree | 8c96f4f81f2b1d660d89b9a503afd0aa813f4110 | |
| parent | 0c4a842349b27d361f1503f6437df303e1b541c9 (diff) | |
| parent | ade24c93ab173b392a905ef8d510874dfb05a417 (diff) | |
| download | linux-7991b03d653865e4de7e6c056f85c004f542dbbe.tar.xz | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull integrity subsystem regression fix from James Morris:
"Commit fdf90729e578 "ima: support new kernel module syscall" by error
modified init_module() to return INTEGRITY_UNKNOWN (which is 4) to
user space if the kernel was built with CONFIG_IMA_APPRAISE=y.
As a result, user space can no longer load kernel modules using
init_module(). This commit fixes this regression."
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
ima: fallback to MODULE_SIG_ENFORCE for existing kernel module syscall
| -rw-r--r-- | security/integrity/ima/ima.h | 1 | ||||
| -rw-r--r-- | security/integrity/ima/ima_main.c | 12 | ||||
| -rw-r--r-- | security/integrity/ima/ima_policy.c | 3 |
3 files changed, 11 insertions, 5 deletions
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 3b2adb794f15..079a85dc37b2 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -139,6 +139,7 @@ void ima_delete_rules(void); /* Appraise integrity measurements */ #define IMA_APPRAISE_ENFORCE 0x01 #define IMA_APPRAISE_FIX 0x02 +#define IMA_APPRAISE_MODULES 0x04 #ifdef CONFIG_IMA_APPRAISE int ima_appraise_measurement(struct integrity_iint_cache *iint, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 45de18e9a6f2..dba965de90d3 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -291,11 +291,15 @@ EXPORT_SYMBOL_GPL(ima_file_check); */ int ima_module_check(struct file *file) { - int rc; + int rc = 0; - if (!file) - rc = INTEGRITY_UNKNOWN; - else + if (!file) { + if (ima_appraise & IMA_APPRAISE_MODULES) { +#ifndef CONFIG_MODULE_SIG_FORCE + rc = -EACCES; /* INTEGRITY_UNKNOWN */ +#endif + } + } else rc = process_measurement(file, file->f_dentry->d_name.name, MAY_EXEC, MODULE_CHECK); return (ima_appraise & IMA_APPRAISE_ENFORCE) ? rc : 0; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index af7d182d5a46..479fca940bb5 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -523,7 +523,8 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) } if (!result && (entry->action == UNKNOWN)) result = -EINVAL; - + else if (entry->func == MODULE_CHECK) + ima_appraise |= IMA_APPRAISE_MODULES; audit_log_format(ab, "res=%d", !result); audit_log_end(ab); return result; |