[PATCH 03/11] evm: Refuse EVM_ALLOW_METADATA_WRITES only if the HMAC key is loaded

[PATCH 01/11] evm: Execute evm_inode_init_security() only when the HMAC key is loaded · Roberto Sassu <roberto.sassu@huawei.com> · 2020-06-18
[PATCH 02/11] evm: Load EVM key in ima_load_x509() to avoid appraisal · Roberto Sassu <roberto.sassu@huawei.com> · 2020-06-18
Re: [PATCH 02/11] evm: Load EVM key in ima_load_x509() to avoid appraisal · Mimi Zohar <zohar@linux.ibm.com> · 2020-08-21
RE: [PATCH 02/11] evm: Load EVM key in ima_load_x509() to avoid appraisal · Roberto Sassu <roberto.sassu@huawei.com> · 2020-08-31
Re: [PATCH 02/11] evm: Load EVM key in ima_load_x509() to avoid appraisal · Mimi Zohar <zohar@linux.ibm.com> · 2020-08-31
[PATCH 03/11] evm: Refuse EVM_ALLOW_METADATA_WRITES only if the HMAC key is loaded · Roberto Sassu <roberto.sassu@huawei.com> · 2020-06-18
Re: [PATCH 03/11] evm: Refuse EVM_ALLOW_METADATA_WRITES only if the HMAC key is loaded · Mimi Zohar <zohar@linux.ibm.com> · 2020-08-21
RE: [PATCH 03/11] evm: Refuse EVM_ALLOW_METADATA_WRITES only if the HMAC key is loaded · Roberto Sassu <roberto.sassu@huawei.com> · 2020-08-31
Re: [PATCH 03/11] evm: Refuse EVM_ALLOW_METADATA_WRITES only if the HMAC key is loaded · Mimi Zohar <zohar@linux.ibm.com> · 2020-08-31
[PATCH 04/11] evm: Check size of security.evm before using it · Roberto Sassu <roberto.sassu@huawei.com> · 2020-06-18
Re: [PATCH 04/11] evm: Check size of security.evm before using it · Mimi Zohar <zohar@linux.ibm.com> · 2020-08-24
[PATCH 05/11] evm: Allow xattr/attr operations for portable signatures if check fails · Roberto Sassu <roberto.sassu@huawei.com> · 2020-06-18
Re: [PATCH 05/11] evm: Allow xattr/attr operations for portable signatures if check fails · Mimi Zohar <zohar@linux.ibm.com> · 2020-08-24
Re: [PATCH 01/11] evm: Execute evm_inode_init_security() only when the HMAC key is loaded · Mimi Zohar <zohar@linux.ibm.com> · 2020-08-21
Re: [PATCH 01/11] evm: Execute evm_inode_init_security() only when the HMAC key is loaded · Mimi Zohar <zohar@linux.ibm.com> · 2020-08-24
RE: [PATCH 01/11] evm: Execute evm_inode_init_security() only when the HMAC key is loaded · Roberto Sassu <roberto.sassu@huawei.com> · 2020-09-02
Re: [PATCH 01/11] evm: Execute evm_inode_init_security() only when the HMAC key is loaded · Mimi Zohar <zohar@linux.ibm.com> · 2020-09-02

STALE2096d

From: Roberto Sassu <roberto.sassu@huawei.com>
Date: 2020-06-18 16:04:24
Also in: linux-integrity, lkml, stable
Subsystem: extended verification module (evm), integrity measurement architecture (ima), security subsystem, the rest · Maintainers: Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Paul Moore, James Morris, "Serge E. Hallyn", Linus Torvalds

Granting metadata write is safe if the HMAC key is not loaded, as it won't
let an attacker obtain a valid HMAC from corrupted xattrs. evm_write_key()
however does not allow it if any key is loaded, including a public key,
which should not be a problem.

This patch allows setting EVM_ALLOW_METADATA_WRITES if the EVM_INIT_HMAC
flag is not set.

Cc: stable@vger.kernel.org # 4.16.x
Fixes: ae1ba1676b88e ("EVM: Allow userland to permit modification of EVM-protected metadata")
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
 security/integrity/evm/evm_secfs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/integrity/evm/evm_secfs.c b/security/integrity/evm/evm_secfs.c
index cfc3075769bb..92fe26ace797 100644
--- a/security/integrity/evm/evm_secfs.c
+++ b/security/integrity/evm/evm_secfs.c

@@ -84,7 +84,7 @@ static ssize_t evm_write_key(struct file *file, const char __user *buf,
 	 * keys are loaded.
 	 */
 	if ((i & EVM_ALLOW_METADATA_WRITES) &&
-	    ((evm_initialized & EVM_KEY_MASK) != 0) &&
+	    ((evm_initialized & EVM_INIT_HMAC) != 0) &&
 	    !(evm_initialized & EVM_ALLOW_METADATA_WRITES))
 		return -EPERM;

-- 
2.17.1

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help