Hi Roberto, On Thu, 2020-06-18 at 18:01 +0200, Roberto Sassu wrote: > Granting metadata write is safe if the HMAC key is not loaded, as it won't > let an attacker obtain a valid HMAC from corrupted xattrs. evm_write_key() > however does not allow it if any key is loaded, including a public key, > which should not be a problem. >
Why is the existing hebavior a problem? What is the problem being solved? > This patch allows setting EVM_ALLOW_METADATA_WRITES if the EVM_INIT_HMAC > flag is not set. > > Cc: [email protected] # 4.16.x > Fixes: ae1ba1676b88e ("EVM: Allow userland to permit modification of > EVM-protected metadata") > Signed-off-by: Roberto Sassu <[email protected]> > --- > security/integrity/evm/evm_secfs.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/security/integrity/evm/evm_secfs.c > b/security/integrity/evm/evm_secfs.c > index cfc3075769bb..92fe26ace797 100644 > --- a/security/integrity/evm/evm_secfs.c > +++ b/security/integrity/evm/evm_secfs.c > @@ -84,7 +84,7 @@ static ssize_t evm_write_key(struct file *file, const char > __user *buf, > * keys are loaded. > */ > if ((i & EVM_ALLOW_METADATA_WRITES) && > - ((evm_initialized & EVM_KEY_MASK) != 0) && > + ((evm_initialized & EVM_INIT_HMAC) != 0) && > !(evm_initialized & EVM_ALLOW_METADATA_WRITES)) > return -EPERM; > Documentation/ABI/testing/evm needs to be updated as well. thanks, Mimi
