user/sven/linux.git/security/integrity, branch v4.1.29

EVM: Use crypto_memneq() for digest comparisons

2016-03-04T15:25:42Z

[ Upstream commit 613317bd212c585c20796c10afe5daaa95d4b0a1 ] This patch fixes vulnerability CVE-2016-2085. The problem exists because the vm_verify_hmac() function includes a use of memcmp(). Unfortunately, this allows timing side channel attacks; specifically a MAC forgery complexity drop from 2^128 to 2^12. This patch changes the memcmp() to the cryptographically safe crypto_memneq(). Reported-by: Xiaofei Rex Guo Signed-off-by: Ryan Ware Cc: stable@vger.kernel.org Signed-off-by: Mimi Zohar Signed-off-by: James Morris Signed-off-by: Sasha Levin

ima: update builtin policies

2015-08-03T16:29:12Z

commit 24fd03c87695a76f0517df42a37e51b1597d2c8a upstream. This patch defines a builtin measurement policy "tcb", similar to the existing "ima_tcb", but with additional rules to also measure files based on the effective uid and to measure files opened with the "read" mode bit set (eg. read, read-write). Changing the builtin "ima_tcb" policy could potentially break existing users. Instead of defining a new separate boot command line option each time the builtin measurement policy is modified, this patch defines a single generic boot command line option "ima_policy=" to specify the builtin policy and deprecates the use of the builtin ima_tcb policy. [The "ima_policy=" boot command line option is based on Roberto Sassu's "ima: added new policy type exec" patch.] Signed-off-by: Mimi Zohar Signed-off-by: Dr. Greg Wettstein Signed-off-by: Greg Kroah-Hartman

ima: extend "mask" policy matching support

2015-08-03T16:29:12Z

commit 4351c294b8c1028077280f761e158d167b592974 upstream. The current "mask" policy option matches files opened as MAY_READ, MAY_WRITE, MAY_APPEND or MAY_EXEC. This patch extends the "mask" option to match files opened containing one of these modes. For example, "mask=^MAY_READ" would match files opened read-write. Signed-off-by: Mimi Zohar Signed-off-by: Dr. Greg Wettstein Signed-off-by: Greg Kroah-Hartman

ima: add support for new "euid" policy condition

2015-08-03T16:29:12Z

commit 139069eff7388407f19794384c42a534d618ccd7 upstream. The new "euid" policy condition measures files with the specified effective uid (euid). In addition, for CAP_SETUID files it measures files with the specified uid or suid. Changelog: - fixed checkpatch.pl warnings - fixed avc denied {setuid} messages - based on Roberto's feedback Signed-off-by: Mimi Zohar Signed-off-by: Dr. Greg Wettstein Signed-off-by: Greg Kroah-Hartman

ima: fix ima_show_template_data_ascii()

2015-08-03T16:29:12Z

commit 45b26133b97871896b8c5241d59f4ff7839db7b2 upstream. This patch fixes a bug introduced in "4d7aeee ima: define new template ima-ng and template fields d-ng and n-ng". Changelog: - change int to uint32 (Roberto Sassu's suggestion) Signed-off-by: Mimi Zohar Signed-off-by: Roberto Sassu Signed-off-by: Greg Kroah-Hartman

evm: labeling pseudo filesystems exception

2015-08-03T16:29:12Z

commit 5101a1850bb7ccbf107929dee9af0cd2f400940f upstream. To prevent offline stripping of existing file xattrs and relabeling of them at runtime, EVM allows only newly created files to be labeled. As pseudo filesystems are not persistent, stripping of xattrs is not a concern. Some LSMs defer file labeling on pseudo filesystems. This patch permits the labeling of existing files on pseudo files systems. Signed-off-by: Mimi Zohar Signed-off-by: Greg Kroah-Hartman

ima: do not measure or appraise the NSFS filesystem

2015-08-03T16:29:12Z

commit cd025f7f94108995383edddfb61fc8afea6c66a9 upstream. Include don't appraise or measure rules for the NSFS filesystem in the builtin ima_tcb and ima_appraise_tcb policies. Changelog: - Update documentation Signed-off-by: Mimi Zohar Signed-off-by: Greg Kroah-Hartman

ima: cleanup ima_init_policy() a little

2015-08-03T16:29:11Z

commit 5577857f8e26e9027271f10daf96361640907300 upstream. It's a bit easier to read this if we split it up into two for loops. Signed-off-by: Dan Carpenter Signed-off-by: Mimi Zohar Signed-off-by: Greg Kroah-Hartman

ima: skip measurement of cgroupfs files and update documentation

2015-08-03T16:29:11Z

commit 6438de9f3fb5180d78a0422695d0b88c687757d3 upstream. This patch adds a rule in the default measurement policy to skip inodes in the cgroupfs filesystem. Measurements for this filesystem can be avoided, as all the digests collected have the same value of the digest of an empty file. Furthermore, this patch updates the documentation of IMA policies in Documentation/ABI/testing/ima_policy to make it consistent with the policies set in security/integrity/ima/ima_policy.c. Signed-off-by: Roberto Sassu Signed-off-by: Mimi Zohar Signed-off-by: Greg Kroah-Hartman

VFS: security/: d_backing_inode() annotations

2015-04-15T19:06:56Z

most of the ->d_inode uses there refer to the same inode IO would go to, i.e. d_backing_inode() Signed-off-by: David Howells Signed-off-by: Al Viro