[PATCH v8 6/6] IMA: prevent SETXATTR_CHECK policy rules with unavailable algorithms

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



SETXATTR_CHECK poliy rules assume that any algorithm listed in the
'appraise_algos' flag must be accepted when performing setxattr()
on the security.ima xattr.
However nothing checks that they are available in the current kernel.
A userland application could hash a file with a digest that the kernel
wouldn't be able to verify. However, if SETXATTR_CHECK is not in use,
the kernel already forbids that xattr write.

Verify that algorithms listed in appraise_algos are available to the
current kernel and reject the policy update otherwise. This will fix
the inconsistency between SETXATTR_CHECK and non-SETXATTR_CHECK
behaviors.

That filtering is only performed in ima_parse_appraise_algos() when
updating policies so that we do not have to pay the price of allocating
a hash object every time validate_hash_algo() is called in
ima_inode_setxattr().

Signed-off-by: THOBY Simon <Simon.THOBY@xxxxxxxxxx>
---
 security/integrity/ima/ima_policy.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index 9eaa509f487a..87b9b71cb820 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -1258,6 +1258,12 @@ static unsigned int ima_parse_appraise_algos(char *arg)
 			return 0;
 		}
 
+		if (!crypto_has_alg(hash_algo_name[idx], 0, 0)) {
+			pr_err("unavailable hash algorithm \"%s\", check your kernel configuration",
+			       token);
+			return 0;
+		}
+
 		/* Add the hash algorithm to the 'allowed' bitfield */
 		res |= (1U << idx);
 	}
-- 
2.31.1




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux