2005-05-20 14:05:35

by Reiner Sailer

Subject: [PATCH 4 of 4] ima: module measure extension

This is the 4th of 4 patches that constitute the IBM Integrity
Measurement Architecture (IMA). This patch includes a small additional
hook that measures kernel modules before they are relocated. LSM does
not offer a proper hook for this.

This patch applies to the clean 2.6.12-rc4 test kernel.

Signed-off-by: Reiner Sailer <[email protected]>
---
diff -uprN linux-2.6.12-rc4/include/linux/ima_module.h linux-2.6.12-rc4-ima/include/linux/ima_module.h
--- linux-2.6.12-rc4/include/linux/ima_module.h 1969-12-31 19:00:00.000000000 -0500
+++ linux-2.6.12-rc4-ima/include/linux/ima_module.h 2005-05-19 17:59:19.000000000 -0400
@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) 2005 IBM Corporation
+ *
+ * Authors:
+ * Reiner Sailer <[email protected]>
+ *
+ * Maintained by: TBD
+ *
+ * LSM IBM Integrity Measurement Architecture.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ *
+ * File: ima_module.h
+ * define modules measurement hook (no LSM hook) to measure
+ * modules before they are relocated
+ */
+#ifdef CONFIG_IMA_MEASURE
+extern int ima_terminating;
+extern void measure_kernel_module(void *start, unsigned long len, void *uargs);
+
+static inline void ima_measure_module(void *start, unsigned long len, void *uargs)
+{
+ if (!ima_terminating)
+ measure_kernel_module(start, len, uargs);
+}
+#else
+static inline void ima_measure_module(void *start, unsigned long len, void *uargs)
+{
+}
+#endif
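Review bot: the new header has no include guard (an `#ifndef _LINUX_IMA_MODULE_H` / `#define _LINUX_IMA_MODULE_H` / `#endif` wrapper around the whole file), so a second inclusion in one translation unit would redefine the static inline `ima_measure_module` and break the build. The prototypes also take `uargs` as a plain `void *`, while the caller in the module.c hunk has to cast a user-space pointer to get it through; declare it as `const char __user *uargs` in both `measure_kernel_module` and `ima_measure_module` so the address space is visible to sparse and the callee is forced to copy the string in with strncpy_from_user rather than dereference it. Finally, `Maintained by: TBD` should name a maintainer before this is merged.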
diff -uprN linux-2.6.12-rc4/kernel/module.c linux-2.6.12-rc4-ima/kernel/module.c
--- linux-2.6.12-rc4/kernel/module.c 2005-05-07 01:20:31.000000000 -0400
+++ linux-2.6.12-rc4-ima/kernel/module.c 2005-05-19 17:59:19.000000000 -0400
@@ -38,6 +38,7 @@
#include <asm/uaccess.h>
#include <asm/semaphore.h>
#include <asm/cacheflush.h>
+#include <linux/ima_module.h>

#if 0
#define DEBUGP printk
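Review bot: style point on the added `#include <linux/ima_module.h>`: it is placed after the `<asm/...>` headers, whereas the file groups the `linux/` includes ahead of the `asm/` ones; move it up into the `linux/` block so the include list stays ordered.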
@@ -1441,6 +1442,8 @@ static struct module *load_module(void _
if (len < hdr->e_shoff + hdr->e_shnum * sizeof(Elf_Shdr))
goto truncated;

+ ima_measure_module((void *)hdr, len, (void *)uargs);
+
/* Convenience variables */
sechdrs = (void *)hdr + hdr->e_shoff;
secstrings = (void *)hdr + sechdrs[hdr->e_shstrndx].sh_offset;
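Review bot: the cast `(void *)uargs` in the added call strips the `__user` address-space annotation from the module arguments pointer, which is what sparse would flag, and it hands the callee a user pointer that looks safe to dereference directly from kernel context; pass the pointer with its annotation intact and have measure_kernel_module copy the arguments in with strncpy_from_user or copy_from_user. The `(void *)hdr` cast is fine, since `hdr` is already dereferenced in the truncation check two lines above and is therefore a kernel copy. Note also that the measurement happens right after that length check and before any further validation of the section headers; that is the correct point for a "before relocation" measurement, but it means the recorded hash covers exactly the buffer user space supplied, so a log entry does not by itself say the module was well-formed or accepted.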



2005-05-21 06:24:57

by Greg KH

Subject: Re: [PATCH 4 of 4] ima: module measure extension

On Fri, May 20, 2005 at 10:01:18AM -0400, Reiner Sailer wrote:
> @@ -1441,6 +1442,8 @@ static struct module *load_module(void _
> if (len < hdr->e_shoff + hdr->e_shnum * sizeof(Elf_Shdr))
> goto truncated;
>
> + ima_measure_module((void *)hdr, len, (void *)uargs);
> +

I see you did not run this code through sparse...

Gotta love security code that makes the overall system less secure...

greg k-h

2005-05-21 12:59:58

by Reiner Sailer

Subject: Re: [PATCH 4 of 4] ima: module measure extension


Greg KH <[email protected]> wrote on 05/21/2005 02:31:51 AM:

> On Fri, May 20, 2005 at 10:01:18AM -0400, Reiner Sailer wrote:
> > @@ -1441,6 +1442,8 @@ static struct module *load_module(void _
> > if (len < hdr->e_shoff + hdr->e_shnum * sizeof(Elf_Shdr))
> > goto truncated;
> >
> > + ima_measure_module((void *)hdr, len, (void *)uargs);
> > +
>
> I see you did not run this code through sparse...
>
> Gotta love security code that makes the overall system less secure...
>
> greg k-h

[accumulative to your e-mails today on this topic]

Thanks Greg for all your work going (painfully) through the
patches I submitted.

Time for me to start learning from my mistakes and getting
a better version out.

Thanks
Reiner