diff options
Diffstat (limited to 'lockdown-fix-coordination-of-kernel-module-signature-verification.patch')
| -rw-r--r-- | lockdown-fix-coordination-of-kernel-module-signature-verification.patch | 75 |
1 files changed, 0 insertions, 75 deletions
diff --git a/lockdown-fix-coordination-of-kernel-module-signature-verification.patch b/lockdown-fix-coordination-of-kernel-module-signature-verification.patch deleted file mode 100644 index c600f1437..000000000 --- a/lockdown-fix-coordination-of-kernel-module-signature-verification.patch +++ /dev/null @@ -1,75 +0,0 @@ -From patchwork Fri Apr 13 15:27:52 2018 -Content-Type: text/plain; charset="utf-8" -MIME-Version: 1.0 -Content-Transfer-Encoding: 7bit -Subject: lockdown: fix coordination of kernel module signature verification -From: Mimi Zohar <zohar@linux.vnet.ibm.com> -X-Patchwork-Id: 10340277 -Message-Id: <1523633272.3272.30.camel@linux.vnet.ibm.com> -To: David Howells <dhowells@redhat.com> -Cc: Luca Boccassi <bluca@debian.org>, - "Bruno E. O. Meneguele" <bmeneg@redhat.com>, - linux-integrity <linux-integrity@vger.kernel.org>, - linux-security-module <linux-security-module@vger.kernel.org>, - linux-kernel <linux-kernel@vger.kernel.org> -Date: Fri, 13 Apr 2018 11:27:52 -0400 - -If both IMA-appraisal and sig_enforce are enabled, then both signatures -are currently required. If the IMA-appraisal signature verification -fails, it could rely on the appended signature verification; but with the -lockdown patch set, the appended signature verification assumes that if -IMA-appraisal is enabled, it has verified the signature. Basically each -signature verification method would be relying on the other to verify the -kernel module signature. - -This patch addresses the problem of requiring both kernel module signature -verification methods, when both are enabled, by verifying just the -appended signature. - -Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> -Acked-by: Bruno E. O. Meneguele <bmeneg@redhat.com> ---- - kernel/module.c | 4 +--- - security/integrity/ima/ima_main.c | 7 ++++++- - 2 files changed, 7 insertions(+), 4 deletions(-) - -diff --git a/kernel/module.c b/kernel/module.c -index 9c1709a05037..60861eb7bc4d 100644 ---- a/kernel/module.c -+++ b/kernel/module.c -@@ -2803,9 +2803,7 @@ static int module_sig_check(struct load_info *info, int flags, - if (sig_enforce) { - pr_notice("%s is rejected\n", reason); - return -EKEYREJECTED; -- } -- -- if (can_do_ima_check && is_ima_appraise_enabled()) -+ } else if (can_do_ima_check && is_ima_appraise_enabled()) - return 0; - if (kernel_is_locked_down(reason)) - return -EPERM; -diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c -index 754ece08e1c6..2155b1f316a4 100644 ---- a/security/integrity/ima/ima_main.c -+++ b/security/integrity/ima/ima_main.c -@@ -480,6 +480,7 @@ static int read_idmap[READING_MAX_ID] = { - int ima_post_read_file(struct file *file, void *buf, loff_t size, - enum kernel_read_file_id read_id) - { -+ bool sig_enforce = is_module_sig_enforced(); - enum ima_hooks func; - u32 secid; - -@@ -490,7 +491,11 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, - return 0; - } - -- if (!file && read_id == READING_MODULE) /* MODULE_SIG_FORCE enabled */ -+ /* -+ * If both IMA-appraisal and appended signature verification are -+ * enabled, rely on the appended signature verification. -+ */ -+ if (sig_enforce && read_id == READING_MODULE) - return 0; - - /* permit signed certs */ |