|
Message-ID: <20180308221537.46ogqx64cev767ur@smitten> Date: Thu, 8 Mar 2018 15:15:37 -0700 From: Tycho Andersen <tycho@...ho.ws> To: Mimi Zohar <zohar@...ux.vnet.ibm.com> Cc: Dmitry Kasatkin <dmitry.kasatkin@...il.com>, linux-integrity@...r.kernel.org, linux-kernel@...r.kernel.org, kernel-hardening@...ts.openwall.com Subject: Re: [PATCH v2] ima: drop vla in ima_audit_measurement() Hi Mimi, On Thu, Mar 08, 2018 at 05:05:40PM -0500, Mimi Zohar wrote: > On Thu, 2018-03-08 at 14:45 -0700, Tycho Andersen wrote: > > Hi Mimi, > > > > On Thu, Mar 08, 2018 at 03:36:14PM -0500, Mimi Zohar wrote: > > > On Thu, 2018-03-08 at 13:23 -0700, Tycho Andersen wrote: > > > > > > > /* > > > > diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c > > > > index 2cfb0c714967..356faae6f09c 100644 > > > > --- a/security/integrity/ima/ima_main.c > > > > +++ b/security/integrity/ima/ima_main.c > > > > @@ -288,8 +288,11 @@ static int process_measurement(struct file *file, char *buf, loff_t size, > > > > xattr_value, xattr_len, opened); > > > > inode_unlock(inode); > > > > } > > > > - if (action & IMA_AUDIT) > > > > - ima_audit_measurement(iint, pathname); > > > > + if (action & IMA_AUDIT) { > > > > + rc = ima_audit_measurement(iint, pathname); > > > > + if (rc < 0) > > > > + goto out_locked; > > > > + } > > > > > > > > if ((file->f_flags & O_DIRECT) && (iint->flags & IMA_PERMIT_DIRECTIO)) > > > > rc = 0; > > > > > > Only when IMA-appraisal is enforcing file data integrity should > > > process_measurement() ever fail. Other errors can be logged/audited. > > > > Ok, so previously in ima_audit_measurement() when allocation failed, > > there was nothing logged. If we just keep this behavior like below, > > does that look good? > > Before the IMA locking change that were just upstreamed, there were > problems with measuring/appraising files that were opened with the > O_DIRECT flag. Unless the IMA policy specified permit_directio, the > measurement/appraisal failed. With the new locking, opening files > with the O_DIRECTIO flag shouldn't be a problem. It just needs to be > fully tested before removing this code. > > On failure, the code below tests the ima_audit_measurement() result > and skips the IMA_PERMIT_DIRECTIO test. Unless I'm missing something, > I don't see the point. It skips the IMA_PERMIT_DIRECTIO test because it's already going to fail: we're in enforce mode and we got an allocation failure and so we can't audit this access (note: there is another allocation failure in ima_audit_measurement() which is still ignored after this patch, so maybe ignoring failures is ok; seems like it's not, though). I'm not sure I really understand the rest of your message though. Can you suggest what the patch should do here? Should we just ignore all failures as before? Tycho
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.