Hi,
On 7/7/20 10:19 AM, Kees Cook wrote:
Hi,
In looking for closely at the additions that got made to the
kernel_read_file() enums, I noticed that FIRMWARE_PREALLOC_BUFFER
and FIRMWARE_EFI_EMBEDDED were added, but they are not appropriate
*kinds* of files for the LSM to reason about. They are a "how" and
"where", respectively. Remove these improper aliases and refactor the
code to adapt to the changes.
Additionally adds in missing calls to security_kernel_post_read_file()
in the platform firmware fallback path (to match the sysfs firmware
fallback path) and in module loading. I considered entirely removing
security_kernel_post_read_file() hook since it is technically unused,
but IMA probably wants to be able to measure EFI-stored firmware images,
so I wired it up and matched it for modules, in case anyone wants to
move the module signature checks out of the module core and into an LSM
to avoid the current layering violations.
This touches several trees, and I suspect it would be best to go through
James's LSM tree.
Thanks!
I've done some quick tests on this series to make sure that
the efi embedded-firmware support did not regress.
That still works fine, so this series is;
Tested-by: Hans de Goede <hdego...@redhat.com>
Regards,
Hans
-Kees
Kees Cook (4):
firmware_loader: EFI firmware loader must handle pre-allocated buffer
fs: Remove FIRMWARE_PREALLOC_BUFFER from kernel_read_file() enums
fs: Remove FIRMWARE_EFI_EMBEDDED from kernel_read_file() enums
module: Add hook for security_kernel_post_read_file()
drivers/base/firmware_loader/fallback_platform.c | 12 ++++++++++--
drivers/base/firmware_loader/main.c | 5 ++---
fs/exec.c | 7 ++++---
include/linux/fs.h | 3 +--
include/linux/lsm_hooks.h | 6 +++++-
kernel/module.c | 7 ++++++-
security/integrity/ima/ima_main.c | 6 ++----
7 files changed, 30 insertions(+), 16 deletions(-)