Re: vfs_getxattr_alloc() problem

[Cc'ing Matthew]

Hi Roberto,

On Tue, 2020-04-21 at 10:58 +0000, Roberto Sassu wrote:
> Hi Mimi
> 
> I found a problem in the calculation of the EVM digest.
> 
> If an xattr is in the security domain, vfs_getxattr() calls xattr_getsecurity(),
> which is implemented by LSMs. vfs_getxattr_alloc() instead calls the
> filesystem function directly to read xattrs.
> 
> The problem arises for example when you have a file with a portable
> signature on the correct SELinux label (with \0) and you set security.selinux
> manually:
> 
> setfattr -n security.selinux -v "system_u:object_r:bin_t:s0" cat
> 
> Although the length passed is 26 bytes (without \0), you get:
> 
> # attr -l cat
> Attribute "selinux" has a 27 byte value for cat
> 
> which includes \0.
> 
> From user space, evmctl does not complain (the signature is ok) because
> it calculates the EVM digest with \0, but EVM verification fails (because it
> calculates the digest without \0).
> 
> Should this problem be fixed?

I don't seem to be having any problems verifying the EVM immutable &
portable signatures.  To test, I've copied a properly labeled file
twice, once with the "--preserve=xattr" and once without it.  I signed
the properly labeled file with the EVM immutable & portable signature.
On the other file, I first set the selinux label before signing it.
If there was a problem manually writing the SELinux label, the
security.evm labels would be different, which they aren't.

Matthew, are you able to reproduce Roberto's problem?

Mimi
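A simplified model of the mismatch Roberto describes, added here for illustration and not code from this thread or from the kernel: the two xattr read paths are modeled as plain functions, the EVM digest is reduced to a hash over the protected xattr values in a fixed order (an assumption; the real EVM digest also covers inode metadata and, for the HMAC form, a key), and the sample label and IMA value are constructed.

```python
import hashlib

# Constructed sample values: the label from the setfattr command in the
# thread (26 bytes, no trailing NUL) and a placeholder security.ima value.
LABEL = b"system_u:object_r:bin_t:s0"
IMA_XATTR = b"\x04" + bytes(32)  # constructed placeholder, not a real hash


def read_via_lsm(stored):
    """Model of the vfs_getxattr() path: the SELinux xattr_getsecurity hook
    returns the context string including its terminating NUL (27 bytes),
    regardless of how many bytes were originally stored."""
    return stored if stored.endswith(b"\x00") else stored + b"\x00"


def read_raw(stored):
    """Model of the vfs_getxattr_alloc() path: the filesystem returns the
    xattr value exactly as stored (26 bytes when set without a NUL)."""
    return stored


def evm_digest(xattr_values):
    """Simplified EVM digest: hash the protected xattr values in fixed order.
    Real EVM also mixes in inode metadata; that is omitted in this model."""
    h = hashlib.sha256()
    for value in xattr_values:
        h.update(value)
    return h.hexdigest()


def digests_for(stored_label):
    """Digest as evmctl would compute it (LSM path) and as the kernel's
    EVM verification would compute it (raw path) for the same stored label."""
    userspace = evm_digest([read_via_lsm(stored_label), IMA_XATTR])
    kernel = evm_digest([read_raw(stored_label), IMA_XATTR])
    return userspace, kernel


def label_has_nul_mismatch(stored_label):
    """Detection check: does the label length reported through the LSM
    differ from the raw stored length? True for a label set without NUL."""
    return len(read_via_lsm(stored_label)) != len(read_raw(stored_label))
```

When the stored value already carries the trailing NUL, both paths return identical bytes and the two digests agree; the mismatch only appears for a label written without it.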
