Commit 6d38ca01, authored by Dmitry Kasatkin, committed by Mimi Zohar

evm: evm_verify_hmac must not return INTEGRITY_UNKNOWN

If EVM is not supported or enabled, evm_verify_hmac() returns
INTEGRITY_UNKNOWN, which ima_appraise_measurement() ignores and sets
the appraisal status based solely on the security.ima verification.

evm_verify_hmac() also returns INTEGRITY_UNKNOWN for other failures, such
as temporary failures like -ENOMEM, resulting in possible attack vectors.
This patch changes the default return code for temporary/unexpected
failures, like -ENOMEM, from INTEGRITY_UNKNOWN to INTEGRITY_FAIL, making
evm_verify_hmac() fail safe.

As a result, failures need to be re-evaluated in order to catch both
temporary errors, such as the -ENOMEM, as well as errors that have been
resolved in fix mode.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Parent 2960e6cb
...@@ -56,13 +56,15 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry, ...@@ -56,13 +56,15 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
struct evm_ima_xattr_data xattr_data; struct evm_ima_xattr_data xattr_data;
int rc; int rc;
if (iint->hmac_status != INTEGRITY_UNKNOWN) if (iint->hmac_status == INTEGRITY_PASS)
return iint->hmac_status; return iint->hmac_status;
/* if status is not PASS, try to check again - against -ENOMEM */
rc = evm_calc_hmac(dentry, xattr_name, xattr_value, rc = evm_calc_hmac(dentry, xattr_name, xattr_value,
xattr_value_len, xattr_data.digest); xattr_value_len, xattr_data.digest);
if (rc < 0) if (rc < 0)
return INTEGRITY_UNKNOWN; goto err_out;
xattr_data.type = EVM_XATTR_HMAC; xattr_data.type = EVM_XATTR_HMAC;
rc = vfs_xattr_cmp(dentry, XATTR_NAME_EVM, (u8 *)&xattr_data, rc = vfs_xattr_cmp(dentry, XATTR_NAME_EVM, (u8 *)&xattr_data,
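Review bot: the `goto err_out` that replaces `return INTEGRITY_UNKNOWN` after the evm_calc_hmac() failure jumps to a label that appears in neither visible hunk, so this page does not let a reviewer confirm that an evm_calc_hmac() error such as -ENOMEM reaches the `default:` branch that stores INTEGRITY_FAIL rather than returning without updating iint->hmac_status; please include the err_out label in the context or state in the commit message where it lands. Also, the early return now short-circuits only on `== INTEGRITY_PASS`, so a file cached as INTEGRITY_NOLABEL or INTEGRITY_FAIL has its HMAC recomputed on every call; that is the re-evaluation the commit message asks for, but the comment `/* if status is not PASS, try to check again - against -ENOMEM */` names only -ENOMEM. Suggest rewording it to say that any non-PASS status is re-verified, both after transient errors and after a label has been repaired in fix mode, so the cost of the repeated HMAC computation is clearly intentional.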
...@@ -77,11 +79,8 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry, ...@@ -77,11 +79,8 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
case -ENODATA: /* file not labelled */ case -ENODATA: /* file not labelled */
iint->hmac_status = INTEGRITY_NOLABEL; iint->hmac_status = INTEGRITY_NOLABEL;
break; break;
case -EINVAL:
iint->hmac_status = INTEGRITY_FAIL;
break;
default: default:
iint->hmac_status = INTEGRITY_UNKNOWN; iint->hmac_status = INTEGRITY_FAIL;
} }
return iint->hmac_status; return iint->hmac_status;
} }
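Review bot: with `-EINVAL` folded into `default:`, every vfs_xattr_cmp() result not handled by a visible case (or by the cases elided above this hunk) is now cached as INTEGRITY_FAIL in iint->hmac_status, including transient ones such as -ENOMEM; that cached FAIL is only harmless because the check at the top of the function re-runs verification whenever the status is anything other than PASS. Suggest a one-line comment on the `default:` branch saying the failure is cached but re-evaluated on the next call, so a future change to the early-return condition cannot silently turn a transient error into a permanent failure. Note also that `-ENODATA` still maps to INTEGRITY_NOLABEL and is returned as such, so an unlabelled file is not made fail-safe by this patch; only unexpected errors are.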