Re: IMA & truncate

From: Javier González
Date: Tue May 06 2014 - 09:47:51 EST


Hi,

> I have discovered one IMA related issue.
>
> IMA file hash is re-calculate if needed on file close.
>
> It works with ftruncate(fd, length) syscall, because it operates on
> "opened" file.
> Recalculation is happening on file close.
>
> truncate(path, length) syscall works with path and no file open/close
> takes place.
> Recalculation does not happen.
> IMA denies file access later.
>
> It looks like vfs_truncate() should possibly call IMA to recalculate the
> hash.

I have had the same issue in an integrity module I am working on to move the hash (and generally encryption) operations to a secure processor (e.g., TrustZone).
After a discussion with Al Viro I was convinced that file_close is not the right place to associate a hook in order to recalculate the hash.

I am now using the LSM hook associated with vfs_truncate to recalculate the hash and it seems to work good. I am still running some performance tests to calculate the overhead of attacking an operation here, so I don’t have data yet.

Best,

-------------------------------------------------/--
Javier González

IT University of Copenhagen
Rued Langgaards Vej 7, 2300
København S, Danmark
Office: 4D23

http://javigon.com/
Skype: javigon.napster
(+45)31376927

-------------------------------------------------/--

On 6 May 2014, at 15:32, Dmitry Kasatkin <d.kasatkin@xxxxxxxxxxx> wrote:

> Hi,
>
> I have discovered one IMA related issue.
>
> IMA file hash is re-calculate if needed on file close.
>
> It works with ftruncate(fd, length) syscall, because it operates on
> "opened" file.
> Recalculation is happening on file close.
>
> truncate(path, length) syscall works with path and no file open/close
> takes place.
> Recalculation does not happen.
> IMA denies file access later.
>
> It looks like vfs_truncate() should possibly call IMA to recalculate the
> hash.
>
> - Dmitry
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail