path: root/security
diff options
authorTHOBY Simon <Simon.THOBY@viveris.fr>2021-08-16 08:11:01 +0000
committerMimi Zohar <zohar@linux.ibm.com>2021-08-16 17:35:35 -0400
commit8ecd39cb61d9e302716d73be329c4d4822c24931 (patch)
treeaa22f9b920ee39cf366404b4f7468c5b8860a176 /security
parent4f2946aa0c45c78b4f4ef101bab9694e38c68db0 (diff)
IMA: prevent SETXATTR_CHECK policy rules with unavailable algorithms
SETXATTR_CHECK policy rules assume that any algorithm listed in the 'appraise_algos' flag must be accepted when performing setxattr() on the security.ima xattr. However nothing checks that they are available in the current kernel. A userland application could hash a file with a digest that the kernel wouldn't be able to verify. However, if SETXATTR_CHECK is not in use, the kernel already forbids that xattr write. Verify that algorithms listed in appraise_algos are available to the current kernel and reject the policy update otherwise. This will fix the inconsistency between SETXATTR_CHECK and non-SETXATTR_CHECK behaviors. That filtering is only performed in ima_parse_appraise_algos() when updating policies so that we do not have to pay the price of allocating a hash object every time validate_hash_algo() is called in ima_inode_setxattr(). Signed-off-by: THOBY Simon <Simon.THOBY@viveris.fr> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security')
1 files changed, 6 insertions, 0 deletions
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index 9eaa509f487a..87b9b71cb820 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -1258,6 +1258,12 @@ static unsigned int ima_parse_appraise_algos(char *arg)
return 0;
+ if (!crypto_has_alg(hash_algo_name[idx], 0, 0)) {
+ pr_err("unavailable hash algorithm \"%s\", check your kernel configuration",
+ token);
+ return 0;
+ }
/* Add the hash algorithm to the 'allowed' bitfield */
res |= (1U << idx);

Privacy Policy