1. 16 6月, 2015 1 次提交
  2. 22 5月, 2015 9 次提交
  3. 13 5月, 2015 1 次提交
  4. 16 4月, 2015 1 次提交
  5. 02 2月, 2015 1 次提交
  6. 07 1月, 2015 1 次提交
  7. 07 12月, 2014 1 次提交
  8. 20 11月, 2014 1 次提交
  9. 18 11月, 2014 6 次提交
  10. 28 10月, 2014 2 次提交
    • D
      evm: check xattr value length and type in evm_inode_setxattr() · 3b1deef6
      Dmitry Kasatkin 提交于
      evm_inode_setxattr() can be called with no value. The function does not
      check the length so that following command can be used to produce the
      kernel oops: setfattr -n security.evm FOO. This patch fixes it.
      
      Changes in v3:
      * there is no reason to return different error codes for EVM_XATTR_HMAC
        and non EVM_XATTR_HMAC. Remove unnecessary test then.
      
      Changes in v2:
      * testing for validity of xattr type
      
      [ 1106.396921] BUG: unable to handle kernel NULL pointer dereference at           (null)
      [ 1106.398192] IP: [<ffffffff812af7b8>] evm_inode_setxattr+0x2a/0x48
      [ 1106.399244] PGD 29048067 PUD 290d7067 PMD 0
      [ 1106.399953] Oops: 0000 [#1] SMP
      [ 1106.400020] Modules linked in: bridge stp llc evdev serio_raw i2c_piix4 button fuse
      [ 1106.400020] CPU: 0 PID: 3635 Comm: setxattr Not tainted 3.16.0-kds+ #2936
      [ 1106.400020] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
      [ 1106.400020] task: ffff8800291a0000 ti: ffff88002917c000 task.ti: ffff88002917c000
      [ 1106.400020] RIP: 0010:[<ffffffff812af7b8>]  [<ffffffff812af7b8>] evm_inode_setxattr+0x2a/0x48
      [ 1106.400020] RSP: 0018:ffff88002917fd50  EFLAGS: 00010246
      [ 1106.400020] RAX: 0000000000000000 RBX: ffff88002917fdf8 RCX: 0000000000000000
      [ 1106.400020] RDX: 0000000000000000 RSI: ffffffff818136d3 RDI: ffff88002917fdf8
      [ 1106.400020] RBP: ffff88002917fd68 R08: 0000000000000000 R09: 00000000003ec1df
      [ 1106.400020] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8800438a0a00
      [ 1106.400020] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
      [ 1106.400020] FS:  00007f7dfa7d7740(0000) GS:ffff88005da00000(0000) knlGS:0000000000000000
      [ 1106.400020] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [ 1106.400020] CR2: 0000000000000000 CR3: 000000003763e000 CR4: 00000000000006f0
      [ 1106.400020] Stack:
      [ 1106.400020]  ffff8800438a0a00 ffff88002917fdf8 0000000000000000 ffff88002917fd98
      [ 1106.400020]  ffffffff812a1030 ffff8800438a0a00 ffff88002917fdf8 0000000000000000
      [ 1106.400020]  0000000000000000 ffff88002917fde0 ffffffff8116d08a ffff88002917fdc8
      [ 1106.400020] Call Trace:
      [ 1106.400020]  [<ffffffff812a1030>] security_inode_setxattr+0x5d/0x6a
      [ 1106.400020]  [<ffffffff8116d08a>] vfs_setxattr+0x6b/0x9f
      [ 1106.400020]  [<ffffffff8116d1e0>] setxattr+0x122/0x16c
      [ 1106.400020]  [<ffffffff811687e8>] ? mnt_want_write+0x21/0x45
      [ 1106.400020]  [<ffffffff8114d011>] ? __sb_start_write+0x10f/0x143
      [ 1106.400020]  [<ffffffff811687e8>] ? mnt_want_write+0x21/0x45
      [ 1106.400020]  [<ffffffff811687c0>] ? __mnt_want_write+0x48/0x4f
      [ 1106.400020]  [<ffffffff8116d3e6>] SyS_setxattr+0x6e/0xb0
      [ 1106.400020]  [<ffffffff81529da9>] system_call_fastpath+0x16/0x1b
      [ 1106.400020] Code: c3 0f 1f 44 00 00 55 48 89 e5 41 55 49 89 d5 41 54 49 89 fc 53 48 89 f3 48 c7 c6 d3 36 81 81 48 89 df e8 18 22 04 00 85 c0 75 07 <41> 80 7d 00 02 74 0d 48 89 de 4c 89 e7 e8 5a fe ff ff eb 03 83
      [ 1106.400020] RIP  [<ffffffff812af7b8>] evm_inode_setxattr+0x2a/0x48
      [ 1106.400020]  RSP <ffff88002917fd50>
      [ 1106.400020] CR2: 0000000000000000
      [ 1106.428061] ---[ end trace ae08331628ba3050 ]---
      Reported-by: NJan Kara <jack@suse.cz>
      Signed-off-by: NDmitry Kasatkin <d.kasatkin@samsung.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
      3b1deef6
    • D
      ima: check xattr value length and type in the ima_inode_setxattr() · a48fda9d
      Dmitry Kasatkin 提交于
      ima_inode_setxattr() can be called with no value. Function does not
      check the length so that following command can be used to produce
      kernel oops: setfattr -n security.ima FOO. This patch fixes it.
      
      Changes in v3:
      * for stable reverted "allow setting hash only in fix or log mode"
        It will be a separate patch.
      
      Changes in v2:
      * testing validity of xattr type
      * allow setting hash only in fix or log mode (Mimi)
      
      [  261.562522] BUG: unable to handle kernel NULL pointer dereference at           (null)
      [  261.564109] IP: [<ffffffff812af272>] ima_inode_setxattr+0x3e/0x5a
      [  261.564109] PGD 3112f067 PUD 42965067 PMD 0
      [  261.564109] Oops: 0000 [#1] SMP
      [  261.564109] Modules linked in: bridge stp llc evdev serio_raw i2c_piix4 button fuse
      [  261.564109] CPU: 0 PID: 3299 Comm: setxattr Not tainted 3.16.0-kds+ #2924
      [  261.564109] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
      [  261.564109] task: ffff8800428c2430 ti: ffff880042be0000 task.ti: ffff880042be0000
      [  261.564109] RIP: 0010:[<ffffffff812af272>]  [<ffffffff812af272>] ima_inode_setxattr+0x3e/0x5a
      [  261.564109] RSP: 0018:ffff880042be3d50  EFLAGS: 00010246
      [  261.564109] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000015
      [  261.564109] RDX: 0000001500000000 RSI: 0000000000000000 RDI: ffff8800375cc600
      [  261.564109] RBP: ffff880042be3d68 R08: 0000000000000000 R09: 00000000004d6256
      [  261.564109] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88002149ba00
      [  261.564109] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
      [  261.564109] FS:  00007f6c1e219740(0000) GS:ffff88005da00000(0000) knlGS:0000000000000000
      [  261.564109] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [  261.564109] CR2: 0000000000000000 CR3: 000000003b35a000 CR4: 00000000000006f0
      [  261.564109] Stack:
      [  261.564109]  ffff88002149ba00 ffff880042be3df8 0000000000000000 ffff880042be3d98
      [  261.564109]  ffffffff812a101b ffff88002149ba00 ffff880042be3df8 0000000000000000
      [  261.564109]  0000000000000000 ffff880042be3de0 ffffffff8116d08a ffff880042be3dc8
      [  261.564109] Call Trace:
      [  261.564109]  [<ffffffff812a101b>] security_inode_setxattr+0x48/0x6a
      [  261.564109]  [<ffffffff8116d08a>] vfs_setxattr+0x6b/0x9f
      [  261.564109]  [<ffffffff8116d1e0>] setxattr+0x122/0x16c
      [  261.564109]  [<ffffffff811687e8>] ? mnt_want_write+0x21/0x45
      [  261.564109]  [<ffffffff8114d011>] ? __sb_start_write+0x10f/0x143
      [  261.564109]  [<ffffffff811687e8>] ? mnt_want_write+0x21/0x45
      [  261.564109]  [<ffffffff811687c0>] ? __mnt_want_write+0x48/0x4f
      [  261.564109]  [<ffffffff8116d3e6>] SyS_setxattr+0x6e/0xb0
      [  261.564109]  [<ffffffff81529da9>] system_call_fastpath+0x16/0x1b
      [  261.564109] Code: 48 89 f7 48 c7 c6 58 36 81 81 53 31 db e8 73 27 04 00 85 c0 75 28 bf 15 00 00 00 e8 8a a5 d9 ff 84 c0 75 05 83 cb ff eb 15 31 f6 <41> 80 7d 00 03 49 8b 7c 24 68 40 0f 94 c6 e8 e1 f9 ff ff 89 d8
      [  261.564109] RIP  [<ffffffff812af272>] ima_inode_setxattr+0x3e/0x5a
      [  261.564109]  RSP <ffff880042be3d50>
      [  261.564109] CR2: 0000000000000000
      [  261.599998] ---[ end trace 39a89a3fc267e652 ]---
      Reported-by: NJan Kara <jack@suse.cz>
      Signed-off-by: NDmitry Kasatkin <d.kasatkin@samsung.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
      a48fda9d
  11. 14 10月, 2014 1 次提交
  12. 13 10月, 2014 5 次提交
    • R
      ima: added support for new kernel cmdline parameter ima_template_fmt · c2426d2a
      Roberto Sassu 提交于
      This patch allows users to provide a custom template format through the
      new kernel command line parameter 'ima_template_fmt'. If the supplied
      format is not valid, IMA uses the default template descriptor.
      
      Changelog:
       - v3:
         - added check for 'fields' and 'num_fields' in
           template_desc_init_fields() (suggested by Mimi Zohar)
      
       - v2:
         - using template_desc_init_fields() to validate a format string
           (Roberto Sassu)
         - updated documentation by stating that only the chosen template
           descriptor is initialized (Roberto Sassu)
      
       - v1:
         - simplified code of ima_template_fmt_setup()
           (Roberto Sassu, suggested by Mimi Zohar)
      Signed-off-by: NRoberto Sassu <roberto.sassu@polito.it>
      Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
      c2426d2a
    • R
      ima: allocate field pointers array on demand in template_desc_init_fields() · 1bd7face
      Roberto Sassu 提交于
      The allocation of a field pointers array is moved at the end of
      template_desc_init_fields() and done only if the value of the 'fields'
      and 'num_fields' parameters is not NULL. For just validating a template
      format string, retrieved template field pointers are placed in a temporary
      array.
      
      Changelog:
       - v3:
         - do not check in this patch if 'fields' and 'num_fields' are NULL
           (suggested by Mimi Zohar)
      Signed-off-by: NRoberto Sassu <roberto.sassu@polito.it>
      Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
      1bd7face
    • R
      ima: don't allocate a copy of template_fmt in template_desc_init_fields() · 9f3166b8
      Roberto Sassu 提交于
      This patch removes the allocation of a copy of 'template_fmt', needed for
      iterating over all fields in the passed template format string. The removal
      was possible by replacing strcspn(), which modifies the passed string,
      with strchrnul(). The currently processed template field is copied in
      a temporary variable.
      
      The purpose of this change is use template_desc_init_fields() in two ways:
      for just validating a template format string (the function should work
      if called by a setup function, when memory cannot be allocated), and for
      actually initializing a template descriptor. The implementation of this
      feature will be complete with the next patch.
      
      Changelog:
       - v3:
         - added 'goto out' in template_desc_init_fields() to free allocated
           memory if a template field length is not valid (suggested by
           Mimi Zohar)
      Signed-off-by: NRoberto Sassu <roberto.sassu@polito.it>
      Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
      9f3166b8
    • R
      ima: display template format in meas. list if template name length is zero · 7dbdb420
      Roberto Sassu 提交于
      With the introduction of the 'ima_template_fmt' kernel cmdline parameter,
      a user can define a new template descriptor with custom format. However,
      in this case, userspace tools will be unable to parse the measurements
      list because the new template is unknown. For this reason, this patch
      modifies the current IMA behavior to display in the list the template
      format instead of the name (only if the length of the latter is zero)
      so that a tool can extract needed information if it can handle listed
      fields.
      
      This patch also correctly displays the error log message in
      ima_init_template() if the selected template cannot be initialized.
      
      Changelog:
       - v3:
         - check the first byte of 'e->template_desc->name' instead of using
           strlen() in ima_fs.c (suggested by Mimi Zohar)
      
       - v2:
         - print the template format in ima_init_template(), if the selected
           template is custom (Roberto Sassu)
      
       - v1:
         - fixed patch description (Roberto Sassu, suggested by Mimi Zohar)
         - set 'template_name' variable in ima_fs.c only once
           (Roberto Sassu, suggested by Mimi Zohar)
      Signed-off-by: NRoberto Sassu <roberto.sassu@polito.it>
      Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
      7dbdb420
    • R
      ima: added error messages to template-related functions · 71fed2ee
      Roberto Sassu 提交于
      This patch adds some error messages to inform users about the following
      events: template descriptor not found, invalid template descriptor,
      template field not found and template initialization failed.
      
      Changelog:
       - v2:
         - display an error message if the format string contains too many
           fields (Roberto Sassu)
      Signed-off-by: NRoberto Sassu <roberto.sassu@polito.it>
      Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
      71fed2ee
  13. 12 10月, 2014 4 次提交
  14. 08 10月, 2014 4 次提交
  15. 07 10月, 2014 1 次提交
  16. 18 9月, 2014 1 次提交
    • R
      ima: detect violations for mmaped files · 1b68bdf9
      Roberto Sassu 提交于
      This patch fixes the detection of the 'open_writers' violation for mmaped
      files.
      
      before) an 'open_writers' violation is detected if the policy contains
              a rule with the criteria: func=FILE_CHECK mask=MAY_READ
      
      after) an 'open_writers' violation is detected if the current event
             matches one of the policy rules.
      
      With the old behaviour, the 'open_writers' violation is not detected
      in the following case:
      
      policy:
      measure func=FILE_MMAP mask=MAY_EXEC
      
      steps:
      1) open a shared library for writing
      2) execute a binary that links that shared library
      3) during the binary execution, modify the shared library and save
         the change
      
      result:
      the 'open_writers' violation measurement is not present in the IMA list.
      
      Only binaries executed are protected from writes. For libraries mapped
      in memory there is the flag MAP_DENYWRITE for this purpose, but according
      to the output of 'man mmap', the mmap flag is ignored.
      
      Since ima_rdwr_violation_check() is now called by process_measurement()
      the information about if the inode must be measured is already provided
      by ima_get_action(). Thus the unnecessary function ima_must_measure()
      has been removed.
      
      Changes in v3 (Dmitry Kasatkin):
      - Violation for MMAP_CHECK function are verified since this patch
      - Changed patch description a bit
      Signed-off-by: NRoberto Sassu <roberto.sassu@polito.it>
      Signed-off-by: NDmitry Kasatkin <d.kasatkin@samsung.com>
      Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
      1b68bdf9