Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp7430ybh; Fri, 17 Jul 2020 16:42:49 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzqyvJuI9np5BzYUs3lTCnIXpEJjX+y0Ovsl7VP/zaZ/BjgLI6a+P6tFnSoOAyUImhR4mLT X-Received: by 2002:a17:906:1596:: with SMTP id k22mr10436648ejd.509.1595029369571; Fri, 17 Jul 2020 16:42:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595029369; cv=none; d=google.com; s=arc-20160816; b=Lm3UdHPLtpWZxio++6Ulq2UNa3pW/t9AcOWSe92rhGflF8/DA7Xjy2qcBmThOeJ39v 2M7panNezjcrnPe4tmLPL3YCOQGba+slcDUi1SwQdiY+eIzS1FFpqu1UUS6TpbBe3zVA cQ5vGgCVduJiI+jmBWHYXNVrMm2iE2rBloyOlRapLmpHI4HqKK5DixoojT1ro1cz0gBh D6AqOp4dV9DkROTR2yWNJsYQFSSxlH02Fre7sxLEk5PkY99Cm/u6FDSyYDkO0m96pDnS wTC4wBGzxCTm8Ca3aXSgijDYN3ztKYcXxG3OT9czi+fCdMnKMBokPvfhpQGI3CJlyFjd /DEQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:dkim-filter; bh=KV3ImyOek3N8TkRZ8dwks9SPetOvzDzbwBDUYTs3QEk=; b=cTHx+h+DQ0rzNdpwpTRqkOknWwddTSntsiODBb0O180BsSl71SDJftnNgtvRJ/wSOD ztrVRV9VyG9gy5YdfgNBJY3SBukIP7l1KhjkYUK+XRv0Bt/CFbllW/4nnA4iBxqXZ4YG txnckqSiwOBAWq2sUnBbwlYi/rKAsFmxDzG5Nc1IWbES6DwGIvHdLekCebyXx71AQbyA y3Ut/AQg8rH4M/S+0+W7502KxyUZ5d3xQD79wcT+xpoZkgzwHRaz2x18dKza2hdMyIRZ Ay3nJZmyS3789iwMidU4IFFIRZZulUu2xK6TgeG4y+iy+wxnVmlV5amKHX3wnooBr/is RVTg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=Q9E6C6Tk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id lf11si6532973ejb.475.2020.07.17.16.42.26; Fri, 17 Jul 2020 16:42:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=Q9E6C6Tk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728186AbgGQXkD (ORCPT + 99 others); Fri, 17 Jul 2020 19:40:03 -0400 Received: from linux.microsoft.com ([13.77.154.182]:58362 "EHLO linux.microsoft.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726204AbgGQXkD (ORCPT ); Fri, 17 Jul 2020 19:40:03 -0400 Received: from sequoia (162-237-133-238.lightspeed.rcsntx.sbcglobal.net [162.237.133.238]) by linux.microsoft.com (Postfix) with ESMTPSA id B631820B4909; Fri, 17 Jul 2020 16:40:01 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com B631820B4909 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1595029202; bh=KV3ImyOek3N8TkRZ8dwks9SPetOvzDzbwBDUYTs3QEk=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=Q9E6C6Tks29TLfvMJfs61r72PRu5oNCR7QYnu8yFHktVoQEgSOnjISXShGu1v8cFU 4W14pUxA2qeTkFNXQKNAk1ZH7GZUMdT9gJuNBiU43IIDR8Nt0WLsBRziRW/5xlQJUx 6LGfvD9FO4gVKAGPnGZs2r6FZjKV0KIGy72a1snY= Date: Fri, 17 Jul 2020 18:39:59 -0500 From: Tyler Hicks To: Nayna , Lakshmi Ramasubramanian , Mimi Zohar Cc: Dmitry Kasatkin , James Morris , "Serge E . Hallyn" , Prakhar Srivastava , linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org Subject: Re: [PATCH v3 06/12] ima: Fail rule parsing when the KEY_CHECK hook is combined with an invalid cond Message-ID: <20200717233959.GP3673@sequoia> References: <20200709061911.954326-1-tyhicks@linux.microsoft.com> <20200709061911.954326-7-tyhicks@linux.microsoft.com> <336cc947-1f70-0286-6506-6df3d1d23a1d@linux.vnet.ibm.com> <20200717191858.GN3673@sequoia> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20200717191858.GN3673@sequoia> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2020-07-17 14:19:03, Tyler Hicks wrote: > On 2020-07-17 14:56:46, Nayna wrote: > > > > On 7/9/20 2:19 AM, Tyler Hicks wrote: > > > The KEY_CHECK function only supports the uid, pcr, and keyrings > > > conditionals. Make this clear at policy load so that IMA policy authors > > > don't assume that other conditionals are supported. > > > > > > Fixes: 5808611cccb2 ("IMA: Add KEY_CHECK func to measure keys") > > > Signed-off-by: Tyler Hicks > > > Reviewed-by: Lakshmi Ramasubramanian > > > --- > > > > > > * v3 > > > - Added Lakshmi's Reviewed-by > > > - Adjust for the indentation change introduced in patch #4 > > > * v2 > > > - No change > > > > > > security/integrity/ima/ima_policy.c | 7 +++++++ > > > 1 file changed, 7 insertions(+) > > > > > > diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c > > > index 1c64bd6f1728..81da02071d41 100644 > > > --- a/security/integrity/ima/ima_policy.c > > > +++ b/security/integrity/ima/ima_policy.c > > > @@ -1023,6 +1023,13 @@ static bool ima_validate_rule(struct ima_rule_entry *entry) > > > if (entry->action & ~(MEASURE | DONT_MEASURE)) > > > return false; > > > > > > + if (entry->flags & ~(IMA_FUNC | IMA_UID | IMA_PCR | > > > + IMA_KEYRINGS)) > > > + return false; > > > + > > > + if (ima_rule_contains_lsm_cond(entry)) > > > + return false; > > > + > > > break; > > > default: > > > return false; > > > > Should there be a check for IMA_MEASURE_ASYMMETRIC_KEYS in Opt_keyrings in > > ima_parse_rule() to return immediately if not enabled ? > > I didn't notice that "keyrings=" could be disabled at build time. I > think you're right that something like what I have below would be a good idea. > > @Lakshmi, do you agree? > > diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c > index 81da02071d41..bd687560f88e 100644 > --- a/security/integrity/ima/ima_policy.c > +++ b/security/integrity/ima/ima_policy.c > @@ -1212,6 +1212,11 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) > case Opt_keyrings: > ima_log_string(ab, "keyrings", args[0].from); > > + if (!IS_ENABLED(CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS)) { > + result = -EINVAL; > + break; > + } > + > keyrings_len = strlen(args[0].from) + 1; > > if ((entry->keyrings) || > Actually, this change introduces a new compiler warning in another part of the code that I need to think some more about. I'd like to leave this patch as-is for now and work on the !CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS case in a separate, later patch when I have some more time to think about it and test properly. Tyler > Tyler > > > > > Thanks & Regards, > > > > ???? - Nayna > >