Brad Bishop | 15ae250 | 2019-06-18 21:44:24 -0400 | [diff] [blame^] | 1 | From a34d61850b680c152e1dcc958ee83c3ab3261c3d Mon Sep 17 00:00:00 2001 |
| 2 | From: Patrick Ohly <patrick.ohly@intel.com> |
| 3 | Date: Tue, 15 Nov 2016 10:10:23 +0100 |
| 4 | Subject: [PATCH] Revert "ima: limit file hash setting by user to fix and log |
| 5 | modes" |
| 6 | |
| 7 | This reverts commit c68ed80c97d9720f51ef31fe91560fdd1e121533. |
| 8 | |
| 9 | The original motivation was security hardening ("File hashes are |
| 10 | automatically set and updated and should not be manually set.") |
| 11 | |
| 12 | However, that hardening ignores and breaks some valid use cases: |
| 13 | - File hashes might not be set because the file is currently |
| 14 | outside of the policy and therefore have to be set by the |
| 15 | creator. Examples: |
| 16 | - Booting into an initramfs with an IMA-enabled kernel but |
| 17 | without setting an IMA policy, then installing |
| 18 | the OS onto the target partition by unpacking a rootfs archive |
| 19 | which has the file hashes pre-computed. |
| 20 | - Unpacking a file into a staging area with meta data (like owner) |
| 21 | that leaves the file outside of the current policy, then changing |
| 22 | the meta data such that it becomes part of the current policy. |
| 23 | - "should not be set manually" implies that the creator is aware |
| 24 | of IMA semantic, the current system's configuration, and then |
| 25 | skips setting file hashes in security.ima if (and only if) the |
| 26 | kernel would prevent it. That's not the case for standard, unmodified |
| 27 | tools. Example: unpacking an archive with security.ima xattrs with |
| 28 | bsdtar or GNU tar. |
| 29 | |
| 30 | Upstream-Status: Submitted [https://sourceforge.net/p/linux-ima/mailman/message/35492824/] |
| 31 | |
| 32 | Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> |
| 33 | --- |
| 34 | security/integrity/ima/ima_appraise.c | 8 ++------ |
| 35 | 1 file changed, 2 insertions(+), 6 deletions(-) |
| 36 | |
| 37 | diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c |
| 38 | index 4b9b4a4..b8b2dd9 100644 |
| 39 | --- a/security/integrity/ima/ima_appraise.c |
| 40 | +++ b/security/integrity/ima/ima_appraise.c |
| 41 | @@ -385,14 +385,10 @@ int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name, |
| 42 | result = ima_protect_xattr(dentry, xattr_name, xattr_value, |
| 43 | xattr_value_len); |
| 44 | if (result == 1) { |
| 45 | - bool digsig; |
| 46 | - |
| 47 | if (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST)) |
| 48 | return -EINVAL; |
| 49 | - digsig = (xvalue->type == EVM_IMA_XATTR_DIGSIG); |
| 50 | - if (!digsig && (ima_appraise & IMA_APPRAISE_ENFORCE)) |
| 51 | - return -EPERM; |
| 52 | - ima_reset_appraise_flags(d_backing_inode(dentry), digsig); |
| 53 | + ima_reset_appraise_flags(d_backing_inode(dentry), |
| 54 | + (xvalue->type == EVM_IMA_XATTR_DIGSIG) ? 1 : 0); |
| 55 | result = 0; |
| 56 | } |
| 57 | return result; |
| 58 | -- |
| 59 | 2.1.4 |
| 60 | |