On Fri, 2017-10-27 at 10:27 +0000, Dmitry Kasatkin wrote:
> > @@ -345,7 +350,8 @@ int evm_inode_setxattr(struct dentry *dentry, const
> > char *xattr_name,
> > if (strcmp(xattr_name, XATTR_NAME_EVM) == 0) {
> > if (!xattr_value_len)
> > return -EINVAL;
> > - if (xattr_data->type != EVM_IMA_XATTR_DIGSIG)
> > + if (xattr_data->type != EVM_IMA_XATTR_DIGSIG &&
> > + xattr_data->type != EVM_XATTR_PORTABLE_DIGSIG)
> > return -EPERM;
> > }
> > return evm_protect_xattr(dentry, xattr_name, xattr_value, @@ -
> > 432,6 +438,7 @@ int evm_inode_setattr(struct dentry *dentry, struct iattr
> > *attr)
> > return 0;
> > evm_status = evm_verify_current_integrity(dentry);
> > if ((evm_status == INTEGRITY_PASS) ||
> > + (evm_status == INTEGRITY_PASS_IMMUTABLE) ||
> > (evm_status == INTEGRITY_NOXATTRS))
> > return 0;
>
> Something is wrong here?
> When integrity verification pass, this code WILL ALLOW to change attribute.
> But it is not possible... next time integrity verification will fail?
> Or I miss something?
Right, it will allow the file metadata change. The bigger problem is
that evm_inode_post_setattr() will replace the signature with an HMAC.
>
> > integrity_audit_msg(AUDIT_INTEGRITY_METADATA,
