| From foo@baz Fri Mar 16 15:43:17 CET 2018 |
| From: Mimi Zohar <zohar@linux.vnet.ibm.com> |
| Date: Wed, 8 Nov 2017 07:38:28 -0500 |
| Subject: ima: relax requiring a file signature for new files with zero length |
| |
| From: Mimi Zohar <zohar@linux.vnet.ibm.com> |
| |
| |
| [ Upstream commit b7e27bc1d42e8e0cc58b602b529c25cd0071b336 ] |
| |
| Custom policies can require file signatures based on LSM labels. These |
| files are normally created and only afterwards labeled, requiring them |
| to be signed. |
| |
| Instead of requiring file signatures based on LSM labels, entire |
| filesystems could require file signatures. In this case, we need the |
| ability of writing new files without requiring file signatures. |
| |
| The definition of a "new" file was originally defined as any file with |
| a length of zero. Subsequent patches redefined a "new" file to be based |
| on the FILE_CREATE open flag. By combining the open flag with a file |
| size of zero, this patch relaxes the file signature requirement. |
| |
| Fixes: 1ac202e978e1 ima: accept previously set IMA_NEW_FILE |
| Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> |
| Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| security/integrity/ima/ima_appraise.c | 3 ++- |
| 1 file changed, 2 insertions(+), 1 deletion(-) |
| |
| --- a/security/integrity/ima/ima_appraise.c |
| +++ b/security/integrity/ima/ima_appraise.c |
| @@ -223,7 +223,8 @@ int ima_appraise_measurement(enum ima_ho |
| if (opened & FILE_CREATED) |
| iint->flags |= IMA_NEW_FILE; |
| if ((iint->flags & IMA_NEW_FILE) && |
| - !(iint->flags & IMA_DIGSIG_REQUIRED)) |
| + (!(iint->flags & IMA_DIGSIG_REQUIRED) || |
| + (inode->i_size == 0))) |
| status = INTEGRITY_PASS; |
| goto out; |
| } |
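
Review bot: the added `(inode->i_size == 0)` branch lets a file pass with INTEGRITY_PASS even when IMA_DIGSIG_REQUIRED is set, and nothing at that spot in the code says why that is safe. A short comment above the condition would help, stating that a new, still empty file has no content to sign yet and that the exemption ends once data is written. The test keys on IMA_NEW_FILE in `iint->flags`, not on `opened & FILE_CREATED`, so it also applies on a later call while the flag is still set and the size is still zero. If that is intended, the comment should say so. Two smaller points: consider i_size_read(inode) instead of reading `inode->i_size` directly, and the inner parentheses around the size comparison are redundant.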