Re: [PATCH v5 06/12] evm: Ignore INTEGRITY_NOLABEL/INTEGRITY_NOXATTRS if... | linux-integrity

[PATCH v5 00/12] evm: Improve usability of portable signatures · Roberto Sassu <roberto.sassu@huawei.com> · 2021-04-07
[PATCH v5 01/12] evm: Execute evm_inode_init_security() only when an HMAC key is loaded · Roberto Sassu <roberto.sassu@huawei.com> · 2021-04-07
[PATCH v5 02/12] evm: Load EVM key in ima_load_x509() to avoid appraisal · Roberto Sassu <roberto.sassu@huawei.com> · 2021-04-07
[PATCH v5 03/12] evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is loaded · Roberto Sassu <roberto.sassu@huawei.com> · 2021-04-07
Re: [PATCH v5 03/12] evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is loaded · Mimi Zohar <zohar@linux.ibm.com> · 2021-04-30
[PATCH v5 04/12] ima: Move ima_reset_appraise_flags() call to post hooks · Roberto Sassu <roberto.sassu@huawei.com> · 2021-04-07
Re: [PATCH v5 04/12] ima: Move ima_reset_appraise_flags() call to post hooks · Casey Schaufler <casey@schaufler-ca.com> · 2021-04-07
RE: [PATCH v5 04/12] ima: Move ima_reset_appraise_flags() call to post hooks · Roberto Sassu <roberto.sassu@huawei.com> · 2021-04-07
Re: [PATCH v5 04/12] ima: Move ima_reset_appraise_flags() call to post hooks · Mimi Zohar <zohar@linux.ibm.com> · 2021-04-26
[PATCH v5 05/12] evm: Introduce evm_status_revalidate() · Roberto Sassu <roberto.sassu@huawei.com> · 2021-04-07
[PATCH v5 07/12] evm: Allow xattr/attr operations for portable signatures · Roberto Sassu <roberto.sassu@huawei.com> · 2021-04-07
Re: [PATCH v5 07/12] evm: Allow xattr/attr operations for portable signatures · Mimi Zohar <zohar@linux.ibm.com> · 2021-05-03
RE: [PATCH v5 07/12] evm: Allow xattr/attr operations for portable signatures · Roberto Sassu <roberto.sassu@huawei.com> · 2021-05-04
Re: [PATCH v5 07/12] evm: Allow xattr/attr operations for portable signatures · Mimi Zohar <zohar@linux.ibm.com> · 2021-05-04
[PATCH v5 06/12] evm: Ignore INTEGRITY_NOLABEL/INTEGRITY_NOXATTRS if conditions are safe · Roberto Sassu <roberto.sassu@huawei.com> · 2021-04-07
Re: [PATCH v5 06/12] evm: Ignore INTEGRITY_NOLABEL/INTEGRITY_NOXATTRS if conditions are safe · Mimi Zohar <zohar@linux.ibm.com> · 2021-05-03
RE: [PATCH v5 06/12] evm: Ignore INTEGRITY_NOLABEL/INTEGRITY_NOXATTRS if conditions are safe · Roberto Sassu <roberto.sassu@huawei.com> · 2021-05-03
Re: [PATCH v5 06/12] evm: Ignore INTEGRITY_NOLABEL/INTEGRITY_NOXATTRS if conditions are safe · Mimi Zohar <zohar@linux.ibm.com> · 2021-05-03
RE: [PATCH v5 06/12] evm: Ignore INTEGRITY_NOLABEL/INTEGRITY_NOXATTRS if conditions are safe · Roberto Sassu <roberto.sassu@huawei.com> · 2021-05-03
Re: [PATCH v5 06/12] evm: Ignore INTEGRITY_NOLABEL/INTEGRITY_NOXATTRS if conditions are safe · Mimi Zohar <zohar@linux.ibm.com> · 2021-05-03
RE: [PATCH v5 06/12] evm: Ignore INTEGRITY_NOLABEL/INTEGRITY_NOXATTRS if conditions are safe · Roberto Sassu <roberto.sassu@huawei.com> · 2021-05-04
Re: [PATCH v5 06/12] evm: Ignore INTEGRITY_NOLABEL/INTEGRITY_NOXATTRS if conditions are safe · Mimi Zohar <zohar@linux.ibm.com> · 2021-05-04
[PATCH v5 08/12] evm: Pass user namespace to set/remove xattr hooks · Roberto Sassu <roberto.sassu@huawei.com> · 2021-04-07
Re: [PATCH v5 08/12] evm: Pass user namespace to set/remove xattr hooks · Christian Brauner <hidden> · 2021-04-07
[PATCH v5 09/12] evm: Allow setxattr() and setattr() for unmodified metadata · Roberto Sassu <roberto.sassu@huawei.com> · 2021-04-07
Re: [PATCH v5 09/12] evm: Allow setxattr() and setattr() for unmodified metadata · Christian Brauner <hidden> · 2021-04-07
Re: [PATCH v5 09/12] evm: Allow setxattr() and setattr() for unmodified metadata · kernel test robot <hidden> · 2021-04-07
Re: [PATCH v5 09/12] evm: Allow setxattr() and setattr() for unmodified metadata · kernel test robot <hidden> · 2021-04-07
[RESEND][PATCH v5 09/12] evm: Allow setxattr() and setattr() for unmodified metadata · Roberto Sassu <roberto.sassu@huawei.com> · 2021-04-07
Re: [PATCH v5 09/12] evm: Allow setxattr() and setattr() for unmodified metadata · Mimi Zohar <zohar@linux.ibm.com> · 2021-05-03
RE: [PATCH v5 09/12] evm: Allow setxattr() and setattr() for unmodified metadata · Roberto Sassu <roberto.sassu@huawei.com> · 2021-05-03
Re: [PATCH v5 09/12] evm: Allow setxattr() and setattr() for unmodified metadata · Mimi Zohar <zohar@linux.ibm.com> · 2021-05-03
RE: [PATCH v5 09/12] evm: Allow setxattr() and setattr() for unmodified metadata · Roberto Sassu <roberto.sassu@huawei.com> · 2021-05-03
RE: [PATCH v5 09/12] evm: Allow setxattr() and setattr() for unmodified metadata · Roberto Sassu <roberto.sassu@huawei.com> · 2021-05-03
Re: [PATCH v5 09/12] evm: Allow setxattr() and setattr() for unmodified metadata · Mimi Zohar <zohar@linux.ibm.com> · 2021-05-03
RE: [PATCH v5 09/12] evm: Allow setxattr() and setattr() for unmodified metadata · Roberto Sassu <roberto.sassu@huawei.com> · 2021-05-03
Re: [PATCH v5 09/12] evm: Allow setxattr() and setattr() for unmodified metadata · Mimi Zohar <zohar@linux.ibm.com> · 2021-05-03
[PATCH v5 10/12] ima: Allow imasig requirement to be satisfied by EVM portable signatures · Roberto Sassu <roberto.sassu@huawei.com> · 2021-04-07
[PATCH v5 11/12] ima: Introduce template field evmsig and write to field sig as fallback · Roberto Sassu <roberto.sassu@huawei.com> · 2021-04-07
[PATCH v5 12/12] ima: Don't remove security.ima if file must not be appraised · Roberto Sassu <roberto.sassu@huawei.com> · 2021-04-07

Re: [PATCH v5 06/12] evm: Ignore INTEGRITY_NOLABEL/INTEGRITY_NOXATTRS if conditions are safe

From: Mimi Zohar <zohar@linux.ibm.com>
Date: 2021-05-03 12:07:54
Also in: linux-fsdevel, linux-security-module, lkml

On Mon, 2021-05-03 at 07:55 +0000, Roberto Sassu wrote:

quoted

diff --git a/security/integrity/evm/evm_main.c

b/security/integrity/evm/evm_main.c

quoted

@@ -354,6 +372,8 @@ static int evm_protect_xattr(struct dentry *dentry,

const char *xattr_name,

quoted

 				    -EPERM, 0);
 	}
 out:
+	if (evm_ignore_error_safe(evm_status))
+		return 0;

I agree with the concept, but the function name doesn't provide enough
context.  Perhaps defining a function more along the lines of
"evm_hmac_disabled()" would be more appropriate and at the same time
self documenting.

Since the function checks if the passed error can be ignored,
would evm_ignore_error_hmac_disabled() also be ok?

The purpose of evm_protect_xattr() is to prevent allowing an invalid
security.evm xattr from being re-calculated and updated, making it
valid.   Refer to the first line of the function description.  That
hasn't changed.

One of the reasons for defining a new function is to avoid code
duplication, but it should not come at the expense of clear and easily
understood code.   In this case, the reason for "ignoring" certain
return codes needs to be highlighted, not hidden.  
(is_)evm_hmac_disabled() makes this very clear.

Please update the function description to include the reason why making
an exception is safe.

thanks,

Mimi

quoted

 	if (evm_status != INTEGRITY_PASS)
 		integrity_audit_msg(AUDIT_INTEGRITY_METADATA,

d_backing_inode(dentry),

quoted

 				    dentry->d_name.name,

"appraise_metadata",

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help