On Mon, 2021-06-21 at 11:39 +0200, Roberto Sassu wrote:
> The kernel and the user obtain an xattr value in two different ways:
>
> kernel (EVM): uses vfs_getxattr_alloc() which obtains the xattr value from
> the filesystem handler (raw value);
>
> user (ima-evm-utils): uses vfs_getxattr() which obtains the xattr value
> from the LSMs (normalized value).
>
> Normally, this does not have an impact unless security.selinux is set with
> setfattr, with a value not terminated by '\0' (this is not the recommended
> way, security.selinux should be set with the appropriate tools such as
> chcon and restorecon).
>
> In this case, the kernel and the user see two different xattr values: the
> former sees the xattr value without '\0' (raw value), the latter sees the
> value with '\0' (value normalized by SELinux).
>
> This could result in two different verification outcomes from EVM and
> ima-evm-utils, if a signature was calculated with a security.selinux value
> terminated by '\0' and the value set in the filesystem is not terminated by
> '\0'. The former would report verification failure due to the missing '\0',
> while the latter would report verification success (because it gets the
> normalized value with '\0').
>
> This patch mitigates this issue by comparing in evm_calc_hmac_or_hash() the
> size of the xattr returned by the two xattr functions and by warning the
> user if there is a misalignment.

Instead of "misalignment" how about using the word "discrepancy" here and
in the Subject line?

> Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
> Suggested-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>

Otherwise,

Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
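The raw-versus-normalized split that the commit message describes can be modelled in userspace. The following is an added illustration, not Roberto's patch and not kernel code: it models the filesystem's stored security.selinux value (what EVM gets through vfs_getxattr_alloc()), the SELinux-normalized copy with a trailing '\0' (what ima-evm-utils gets), a stand-in digest (FNV-1a instead of EVM's HMAC), and the size comparison the patch adds to evm_calc_hmac_or_hash(). All function names, the struct, and the sample context string are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Stand-in for the EVM HMAC/hash: FNV-1a over exactly the bytes it is fed.
 * Only the "same bytes in, same digest out" property matters here. */
static uint64_t digest(const uint8_t *data, size_t len)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < len; i++) {
        h ^= data[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* Model of the LSM-normalized value: SELinux hands back the context as a
 * '\0'-terminated string, so a raw value lacking the terminator grows by one
 * byte. Returns the normalized length, or 0 if out_cap is too small. */
static size_t selinux_normalize(const uint8_t *raw, size_t raw_len,
                                uint8_t *out, size_t out_cap)
{
    if (raw_len + 1 > out_cap)
        return 0;
    memcpy(out, raw, raw_len);
    if (raw_len == 0 || raw[raw_len - 1] != '\0') {
        out[raw_len] = '\0';
        return raw_len + 1;
    }
    return raw_len;
}

/* The check the patch introduces: the two lengths should agree; a mismatch
 * means the kernel and userspace will hash different bytes. */
static int xattr_size_discrepancy(size_t raw_len, size_t lsm_len)
{
    return raw_len != lsm_len;
}

struct outcome {
    int kernel_ok;    /* EVM verifying over the raw value */
    int user_ok;      /* ima-evm-utils verifying over the normalized value */
    int discrepancy;  /* what the added warning would fire on */
};

/* Run one scenario: `stored` is the value as the filesystem holds it,
 * `signed_val` is the value the signature was originally computed over. */
static struct outcome run_scenario(const uint8_t *stored, size_t stored_len,
                                   const uint8_t *signed_val, size_t signed_len)
{
    uint8_t norm[256];
    size_t norm_len = selinux_normalize(stored, stored_len, norm, sizeof norm);
    uint64_t expected = digest(signed_val, signed_len);
    struct outcome o;

    o.kernel_ok = digest(stored, stored_len) == expected;
    o.user_ok = digest(norm, norm_len) == expected;
    o.discrepancy = xattr_size_discrepancy(stored_len, norm_len);
    return o;
}

int main(void)
{
    /* Constructed sample context; any valid-looking label works. */
    const char ctx[] = "unconfined_u:object_r:user_home_t:s0";
    size_t n = strlen(ctx);

    /* Signature made over the '\0'-terminated value, file set without it
     * (the setfattr case from the commit message). */
    struct outcome bad = run_scenario((const uint8_t *)ctx, n,
                                      (const uint8_t *)ctx, n + 1);
    printf("no terminator stored: kernel=%d user=%d discrepancy=%d\n",
           bad.kernel_ok, bad.user_ok, bad.discrepancy);

    /* Value set by the proper tools, '\0' included on disk: both agree. */
    struct outcome good = run_scenario((const uint8_t *)ctx, n + 1,
                                       (const uint8_t *)ctx, n + 1);
    printf("terminator stored:    kernel=%d user=%d discrepancy=%d\n",
           good.kernel_ok, good.user_ok, good.discrepancy);
    return 0;
}
```

The first scenario reproduces the split outcome the commit message warns about (kernel-side failure, userspace success) and is exactly the case where the new size comparison reports a discrepancy; the second shows that once the stored value already carries the terminator the two sides see identical bytes and the warning stays silent.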