Hi, IMA policy can be updated with /sys/kernel/security/ima/policy interface when CONFIG_IMA_WRITE_POLICY is set. However, kernel does not check the file path carefully. It only checks if the path has '/' prefix. When a policy file path contains control characters like '\r' or '\b', invalid error messages can be printed to overwrite system messages. For example: $ echo -e "/\rtest invalid path: ddddddddddddddddddddd" > /sys/kernel/security/ima/policy $ dmesg test invalid path: ddddddddddddddddddddd (-2) After adding this patch, we'll be able to throw out error message: $ echo -e "/\rtest invalid path: ddddddddddddddddddddd" > /sys/kernel/security/ima/policy -bash: echo: write error: Invalid argument $ dmesg [ 11.684004] ima: invalid path (control characters are not allowed) [ 11.684071] ima: policy update failed Any suggestions would be appreciated, thank you. Tianxing Zhang (1): ima: check control characters in policy file path security/integrity/ima/ima_fs.c | 9 +++++++++ 1 file changed, 9 insertions(+) -- 2.25.1
