[PATCH 2/6] ima: Return INTEGRITY_FAIL if digital signature can't be verified

From: Vivek Goyal
Date: Thu Feb 14 2013 - 14:57:28 EST


Digital signature verification happens using integrity_digsig_verify().
Curently we set integrity to FAIL for all error codes except -EOPNOTSUPP.
This sounds out of line.

- If appropriate kernel code is not compiled in to verify signature of
a file, then prractically it is a failed signature.

- For so many other possible errors we are setting the status to fail.
For example, -EINVAL, -ENOKEY, -ENOMEM, -EINVAL, -ENOTSUPP etc, it
beats me that why -EOPNOTSUPP is special.

This patch should make the semantics more consistent. That is, if digital
signature is present in security.ima, then any error happened during
signature processing leads to status INTEGRITY_FAIL.

AFAICS, it should not have any user visible effect on existing
application. In some cases we will start returning INTEGRITY_FAIL
instead of INTEGRITY_UNKNOWN. And process_measurement() will deny access
to file both in case of INTEGRITY_UNKNOWN and INTEGRITY_FAIL.

Signed-off-by: Vivek Goyal <vgoyal@xxxxxxxxxx>
---
security/integrity/ima/ima_appraise.c | 4 +---
1 files changed, 1 insertions(+), 3 deletions(-)

diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index 3710f44..6f1eeb8 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -178,9 +178,7 @@ int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
xattr_value->digest, rc - 1,
iint->ima_xattr.digest,
IMA_DIGEST_SIZE);
- if (rc == -EOPNOTSUPP) {
- status = INTEGRITY_UNKNOWN;
- } else if (rc) {
+ if (rc) {
cause = "invalid-signature";
status = INTEGRITY_FAIL;
} else {
--
1.7.7.6

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/