IMA: prevent SETXATTR_CHECK policy rules with unavailable algorithms

SETXATTR_CHECK policy rules assume that any algorithm listed in the
'appraise_algos' flag must be accepted when performing setxattr() on
the security.ima xattr.  However nothing checks that they are
available in the current kernel.  A userland application could hash
a file with a digest that the kernel wouldn't be able to verify.
However, if SETXATTR_CHECK is not in use, the kernel already forbids
that xattr write.

Verify that algorithms listed in appraise_algos are available to the
current kernel and reject the policy update otherwise. This will fix
the inconsistency between SETXATTR_CHECK and non-SETXATTR_CHECK
behaviors.

That filtering is only performed in ima_parse_appraise_algos() when
updating policies so that we do not have to pay the price of
allocating a hash object every time validate_hash_algo() is called
in ima_inode_setxattr().

Signed-off-by: THOBY Simon <Simon.THOBY@viveris.fr>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:
THOBY Simon 2021-08-16 08:11:01 +00:00 committed by Mimi Zohar
parent 4f2946aa0c
commit 8ecd39cb61

View File

@ -1258,6 +1258,12 @@ static unsigned int ima_parse_appraise_algos(char *arg)
return 0;
}
if (!crypto_has_alg(hash_algo_name[idx], 0, 0)) {
pr_err("unavailable hash algorithm \"%s\", check your kernel configuration",
token);
return 0;
}
/* Add the hash algorithm to the 'allowed' bitfield */
res |= (1U << idx);
}