From: David Howells
In-Reply-To: <1509130095.3716.13.camel@linux.vnet.ibm.com>
References: <1509130095.3716.13.camel@linux.vnet.ibm.com> <150842463163.7923.11081723749106843698.stgit@warthog.procyon.org.uk> <150842465546.7923.6762214527898273559.stgit@warthog.procyon.org.uk>
To: Mimi Zohar
Cc: dhowells@redhat.com, linux-security-module@vger.kernel.org, gnomes@lxorguk.ukuu.org.uk, linux-efi@vger.kernel.org, matthew.garrett@nebula.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, jforbes@redhat.com
Subject: Re: [PATCH 03/27] Enforce module signatures if the kernel is locked down
Date: Thu, 02 Nov 2017 17:22:36 +0000
Message-ID: <20240.1509643356@warthog.procyon.org.uk>

Hi Mimi,

I've altered this patch to allow for IMA appraisal on finit_module(). See the attached.

David
---
commit c0d5336356004e7543314e388755a00e725521da
Author: David Howells
Date: Wed May 24 14:56:01 2017 +0100

    Enforce module signatures if the kernel is locked down

    If the kernel is locked down, require that all modules have valid signatures that we can verify or that IMA can validate the file.

    Signed-off-by: David Howells
    Reviewed-by: "Lee, Chun-Yi"
    Reviewed-by: James Morris

diff --git a/kernel/module.c b/kernel/module.c index de66ec825992..0ce29c8aa75a 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -64,6 +64,7 @@ #include #include #include +#include #include #include "module-internal.h" 
@@ -2757,7 +2758,8 @@ static inline void kmemleak_load_module(const struct module *mod, #endif #ifdef CONFIG_MODULE_SIG -static int module_sig_check(struct load_info *info, int flags) +static int module_sig_check(struct load_info *info, int flags, + bool can_do_ima_check) { int err = -ENOKEY; const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1; @@ -2781,13 +2783,16 @@ static int module_sig_check(struct load_info *info, int flags) } /* Not having a signature is only an error if we're strict. */ - if (err == -ENOKEY && !sig_enforce) + if (err == -ENOKEY && !sig_enforce && + (!can_do_ima_check || !is_ima_appraise_enabled()) && + !kernel_is_locked_down("Loading of unsigned modules")) err = 0; return err; } #else /* !CONFIG_MODULE_SIG */ -static int module_sig_check(struct load_info *info, int flags) +static int module_sig_check(struct load_info *info, int flags, + bool can_do_ima_check) { return 0; } @@ -3630,13 +3635,13 @@ static int unknown_module_param_cb(char *param, char *val, const char *modname, /* Allocate and load the module: note that size of section 0 is always zero, and we rely on this for optional sections. */ static int load_module(struct load_info *info, const char __user *uargs, - int flags) + int flags, bool can_do_ima_check) { struct module *mod; long err; char *after_dashes; - err = module_sig_check(info, flags); + err = module_sig_check(info, flags, can_do_ima_check); if (err) goto free_copy; @@ -3830,7 +3835,7 @@ SYSCALL_DEFINE3(init_module, void __user *, umod, if (err) return err; - return load_module(&info, uargs, 0); + return load_module(&info, uargs, 0, false); } SYSCALL_DEFINE3(finit_module, int, fd, const char __user *, uargs, int, flags) 
@@ -3857,7 +3862,7 @@ SYSCALL_DEFINE3(finit_module, int, fd, const char __user *, uargs, int, flags) info.hdr = hdr; info.len = size; - return load_module(&info, uargs, flags); + return load_module(&info, uargs, flags, true); } static inline int within(unsigned long addr, void *start, unsigned long size)
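Review bot: the name of the header added in the @@ -64,6 +64,7 @@ hunk has been lost in this copy of the mail, so it is worth confirming that it is the one declaring is_ima_appraise_enabled() and kernel_is_locked_down() as used below in module_sig_check(), and that is_ima_appraise_enabled() has an inline stub returning false when CONFIG_IMA (or CONFIG_IMA_APPRAISE) is not set, because the CONFIG_MODULE_SIG variant of module_sig_check() now calls it unconditionally and would otherwise fail to link on such configs.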
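Review bot: the new condition in the @@ -2781,13 +2783,16 @@ hunk looks inverted relative to the commit message. err is cleared only when all four clauses hold, so on the finit_module() path with IMA appraisal enabled (can_do_ima_check && is_ima_appraise_enabled()) the clause `(!can_do_ima_check || !is_ima_appraise_enabled())` is false, err stays -ENOKEY and an unsigned module is rejected before kernel_is_locked_down() is even consulted, on a locked-down kernel and on an unlocked one alike; IMA appraisal therefore never acts as the alternative acceptance path that "or that IMA can validate the file" describes. If the intent is "accept when not enforcing and either IMA has appraised the file or the kernel is not locked down", the shape wanted is `if (err == -ENOKEY && !sig_enforce && ((can_do_ima_check && is_ima_appraise_enabled()) || !kernel_is_locked_down("Loading of unsigned modules"))) err = 0;`. Note also that sig_enforce still gates everything, so with module.sig_enforce set an IMA-appraised but unsigned module is still refused; say in the commit message whether that is intended.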
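Review bot: the new bool parameter on load_module() in the @@ -3630,13 +3635,13 @@ hunk is undocumented, and since it is only ever passed as a bare `true`/`false` literal from the two syscall sites, a one-line comment on the parameter stating what it means (the module image arrived via a file descriptor, so IMA had the opportunity to appraise it) would save the next reader from tracing both call sites to work that out.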
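Review bot: passing `true` unconditionally in the finit_module() hunk, combined with the global is_ima_appraise_enabled() test in module_sig_check(), expresses "IMA appraisal is switched on" rather than "this file was actually appraised": whether the read of the fd a few lines above (info.hdr/info.len) was appraised depends on the IMA policy containing a rule covering module reads, and a kernel can have appraisal enabled with no such rule. Consider deriving the flag from the appraisal outcome of this particular read, or at least document that lockdown with this patch assumes an IMA policy that covers modules.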