| Message ID | 20200709061911.954326-7-tyhicks@linux.microsoft.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | ima: Fix rule parsing bugs and extend KEXEC_CMDLINE rule support | expand |
On 7/9/20 2:19 AM, Tyler Hicks wrote: > The KEY_CHECK function only supports the uid, pcr, and keyrings > conditionals. Make this clear at policy load so that IMA policy authors > don't assume that other conditionals are supported. > > Fixes: 5808611cccb2 ("IMA: Add KEY_CHECK func to measure keys") > Signed-off-by: Tyler Hicks <tyhicks@linux.microsoft.com> > Reviewed-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com> > --- > > * v3 > - Added Lakshmi's Reviewed-by > - Adjust for the indentation change introduced in patch #4 > * v2 > - No change > > security/integrity/ima/ima_policy.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c > index 1c64bd6f1728..81da02071d41 100644 > --- a/security/integrity/ima/ima_policy.c > +++ b/security/integrity/ima/ima_policy.c > @@ -1023,6 +1023,13 @@ static bool ima_validate_rule(struct ima_rule_entry *entry) > if (entry->action & ~(MEASURE | DONT_MEASURE)) > return false; > > + if (entry->flags & ~(IMA_FUNC | IMA_UID | IMA_PCR | > + IMA_KEYRINGS)) > + return false; > + > + if (ima_rule_contains_lsm_cond(entry)) > + return false; > + > break; > default: > return false; Should there be a check for IMA_MEASURE_ASYMMETRIC_KEYS in Opt_keyrings in ima_parse_rule() to return immediately if not enabled ? Thanks & Regards, - Nayna
On 2020-07-17 14:56:46, Nayna wrote: > > On 7/9/20 2:19 AM, Tyler Hicks wrote: > > The KEY_CHECK function only supports the uid, pcr, and keyrings > > conditionals. Make this clear at policy load so that IMA policy authors > > don't assume that other conditionals are supported. > > > > Fixes: 5808611cccb2 ("IMA: Add KEY_CHECK func to measure keys") > > Signed-off-by: Tyler Hicks <tyhicks@linux.microsoft.com> > > Reviewed-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com> > > --- > > > > * v3 > > - Added Lakshmi's Reviewed-by > > - Adjust for the indentation change introduced in patch #4 > > * v2 > > - No change > > > > security/integrity/ima/ima_policy.c | 7 +++++++ > > 1 file changed, 7 insertions(+) > > > > diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c > > index 1c64bd6f1728..81da02071d41 100644 > > --- a/security/integrity/ima/ima_policy.c > > +++ b/security/integrity/ima/ima_policy.c > > @@ -1023,6 +1023,13 @@ static bool ima_validate_rule(struct ima_rule_entry *entry) > > if (entry->action & ~(MEASURE | DONT_MEASURE)) > > return false; > > > > + if (entry->flags & ~(IMA_FUNC | IMA_UID | IMA_PCR | > > + IMA_KEYRINGS)) > > + return false; > > + > > + if (ima_rule_contains_lsm_cond(entry)) > > + return false; > > + > > break; > > default: > > return false; > > Should there be a check for IMA_MEASURE_ASYMMETRIC_KEYS in Opt_keyrings in > ima_parse_rule() to return immediately if not enabled ? I didn't notice that "keyrings=" could be disabled at build time. I think you're right that something like what I have below would be a good idea. @Lakshmi, do you agree? diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 81da02071d41..bd687560f88e 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -1212,6 +1212,11 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) case Opt_keyrings: ima_log_string(ab, "keyrings", args[0].from); + if (!IS_ENABLED(CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS)) { + result = -EINVAL; + break; + } + keyrings_len = strlen(args[0].from) + 1; if ((entry->keyrings) || Tyler > > Thanks & Regards, > > - Nayna >
On 2020-07-17 14:19:03, Tyler Hicks wrote: > On 2020-07-17 14:56:46, Nayna wrote: > > > > On 7/9/20 2:19 AM, Tyler Hicks wrote: > > > The KEY_CHECK function only supports the uid, pcr, and keyrings > > > conditionals. Make this clear at policy load so that IMA policy authors > > > don't assume that other conditionals are supported. > > > > > > Fixes: 5808611cccb2 ("IMA: Add KEY_CHECK func to measure keys") > > > Signed-off-by: Tyler Hicks <tyhicks@linux.microsoft.com> > > > Reviewed-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com> > > > --- > > > > > > * v3 > > > - Added Lakshmi's Reviewed-by > > > - Adjust for the indentation change introduced in patch #4 > > > * v2 > > > - No change > > > > > > security/integrity/ima/ima_policy.c | 7 +++++++ > > > 1 file changed, 7 insertions(+) > > > > > > diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c > > > index 1c64bd6f1728..81da02071d41 100644 > > > --- a/security/integrity/ima/ima_policy.c > > > +++ b/security/integrity/ima/ima_policy.c > > > @@ -1023,6 +1023,13 @@ static bool ima_validate_rule(struct ima_rule_entry *entry) > > > if (entry->action & ~(MEASURE | DONT_MEASURE)) > > > return false; > > > > > > + if (entry->flags & ~(IMA_FUNC | IMA_UID | IMA_PCR | > > > + IMA_KEYRINGS)) > > > + return false; > > > + > > > + if (ima_rule_contains_lsm_cond(entry)) > > > + return false; > > > + > > > break; > > > default: > > > return false; > > > > Should there be a check for IMA_MEASURE_ASYMMETRIC_KEYS in Opt_keyrings in > > ima_parse_rule() to return immediately if not enabled ? > > I didn't notice that "keyrings=" could be disabled at build time. I > think you're right that something like what I have below would be a good idea. > > @Lakshmi, do you agree? > > diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c > index 81da02071d41..bd687560f88e 100644 > --- a/security/integrity/ima/ima_policy.c > +++ b/security/integrity/ima/ima_policy.c > @@ -1212,6 +1212,11 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) > case Opt_keyrings: > ima_log_string(ab, "keyrings", args[0].from); > > + if (!IS_ENABLED(CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS)) { > + result = -EINVAL; > + break; > + } > + > keyrings_len = strlen(args[0].from) + 1; > > if ((entry->keyrings) || > Actually, this change introduces a new compiler warning in another part of the code that I need to think some more about. I'd like to leave this patch as-is for now and work on the !CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS case in a separate, later patch when I have some more time to think about it and test properly. Tyler > Tyler > > > > > Thanks & Regards, > > > > - Nayna > >
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 1c64bd6f1728..81da02071d41 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -1023,6 +1023,13 @@ static bool ima_validate_rule(struct ima_rule_entry *entry) if (entry->action & ~(MEASURE | DONT_MEASURE)) return false; + if (entry->flags & ~(IMA_FUNC | IMA_UID | IMA_PCR | + IMA_KEYRINGS)) + return false; + + if (ima_rule_contains_lsm_cond(entry)) + return false; + break; default: return false;
The KEY_CHECK function only supports the uid, pcr, and keyrings conditionals. Make this clear at policy load so that IMA policy authors don't assume that other conditionals are supported. Fixes: 5808611cccb2 ("IMA: Add KEY_CHECK func to measure keys") Signed-off-by: Tyler Hicks <tyhicks@linux.microsoft.com> Reviewed-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com> --- * v3 - Added Lakshmi's Reviewed-by - Adjust for the indentation change introduced in patch #4 * v2 - No change security/integrity/ima/ima_policy.c | 7 +++++++ 1 file changed, 7 insertions(+)