On 09/23/2016 11:15 AM, Panu Matilainen wrote:
On 09/22/2016 08:30 PM, Stefan Berger wrote:
The following series of patches addresses some issues with signatures on
files. In particular:

- some files marked as config files are also executables and therefore
  need to have a signature applied
- the IMA plugin may only run on package install cycle rather than the
  remove cycle, which would apply the previous versions' signatures on
  the files
- some RPM packages require that the files be signed when the post
  install scriptlets are run since they may invoke executables that
  were just installed; so we introduce two new hooks, fsm_pre and
  fsm_post. We move the IMA plugin from the psm_post hook to the
  fsm_post hook.

   Regards,
      Stefan

Stefan Berger (4):
  ima-plugin: Have executable configuration files signed
  ima-plugin: Only run the IMA plugin on package installation
  rpmplugins: Introduce new fsm_pre and fsm_post hooks
  IMA: Move the IMA plugin to the fsm_post hook

 lib/psm.c        |  6 +++++-
 lib/rpmplugin.h  |  6 ++++++
 lib/rpmplugins.c | 35 +++++++++++++++++++++++++++++++++++
 lib/rpmplugins.h | 19 +++++++++++++++++++
 plugins/ima.c    | 32 ++++++++++++++++++++++----------
 5 files changed, 87 insertions(+), 11 deletions(-)


So... to achieve all this and actually behave correctly in the face of
skipped files - whether due to color, netshared path or other file
policies - the IMA plugin should really just do what the selinux plugin
does and use fsm_file_prepare hook for its task, which after all is
highly similar anyway.

Something like this (mind you, non-compiled, never mind tested code ahead):

static rpmRC ima_file_prepare(rpmPlugin plugin, rpmfi fi,
                              const char *path, const char *dest,
                              mode_t file_mode, rpmFsmOp op)
{
        const unsigned char * fsig = NULL;
        size_t len;
        rpmRC rc = RPMRC_OK;
        /* the file action is packed into the low bits of the fsm op */
        rpmFileAction action = XFO_ACTION(op);

        /* Ignore skipped files */
        if (XFA_SKIPPING(action))
            goto exit;

        /* Don't install signatures for (mutable) config files,
         * unless the config file is also an executable */
        if (rpmfiFFlags(fi) & RPMFILE_CONFIG) {
            if (!(rpmfiFMode(fi) & (S_IXUSR|S_IXGRP|S_IXOTH)))
                goto exit;
        }

        /* only apply a real signature, not the all-zero placeholder */
        fsig = rpmfiFSignature(fi, &len);
        if (fsig && (check_zero_hdr(fsig, len) == 0)) {
            if (lsetxattr(fpath, XATTR_NAME_IMA, fsig, len, 0) < 0)
                            ^^^^^

Should be "path" obviously.

Good thing I explicitly said I hadn't even compiled it ;)

        - Panu -
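The snippet above hands the bytes from rpmfiFSignature() straight to lsetxattr() once check_zero_hdr() reports a non-zero header. As an added example, not code from this thread or from rpm's ima plugin, here is a small classifier for that security.ima blob that a packager or admin can use to check what a package is about to apply (or what lgetxattr() returns after install). The header layout follows the kernel's struct signature_v2_hdr; treating an all-zero header as a placeholder is an assumption about what check_zero_hdr() tests, and the sample blobs are constructed, not real signatures.

```c
/* Added example, not code from the thread or from rpm: classify the bytes
 * rpm would write to the security.ima xattr before applying them. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* IMA v2 signature header (struct signature_v2_hdr in the kernel's integrity.h):
 * type, version, hash_algo, big-endian keyid[4], big-endian sig_size[2], sig[] */
#define EVM_IMA_XATTR_DIGSIG 0x03
#define IMA_SIG_HDR_LEN 9
enum ima_sig_state {
    IMA_SIG_TOO_SHORT,  /* shorter than a header: not a usable signature */
    IMA_SIG_ZERO_HDR,   /* all-zero header, assumed to be rpm's placeholder */
    IMA_SIG_BAD_TYPE,   /* not a version-2 EVM_IMA_XATTR_DIGSIG record */
    IMA_SIG_TRUNCATED,  /* sig_size promises more bytes than are present */
    IMA_SIG_OK          /* well-formed; the plugin would lsetxattr() it */
};

struct ima_sig_info {
    enum ima_sig_state state;
    uint8_t hash_algo;  /* kernel enum hash_algo, e.g. 4 = sha256 */
    uint32_t keyid;
    uint16_t sig_size;
};
struct ima_sig_info ima_sig_inspect(const unsigned char *fsig, size_t len)
{
    struct ima_sig_info info = { IMA_SIG_TOO_SHORT, 0, 0, 0 };
    static const unsigned char zero_hdr[IMA_SIG_HDR_LEN] = { 0 };
    if (fsig == NULL || len < IMA_SIG_HDR_LEN)
        return info;
    if (memcmp(fsig, zero_hdr, IMA_SIG_HDR_LEN) == 0) {
        info.state = IMA_SIG_ZERO_HDR;
        return info;
    }
    info.hash_algo = fsig[2];
    info.keyid = (uint32_t)fsig[3] << 24 | (uint32_t)fsig[4] << 16 |
                 (uint32_t)fsig[5] << 8 | (uint32_t)fsig[6];
    info.sig_size = (uint16_t)((fsig[7] << 8) | fsig[8]);
    if (fsig[0] != EVM_IMA_XATTR_DIGSIG || fsig[1] != 0x02)
        info.state = IMA_SIG_BAD_TYPE;
    else if (len - IMA_SIG_HDR_LEN < info.sig_size)
        info.state = IMA_SIG_TRUNCATED;
    else
        info.state = IMA_SIG_OK;
    return info;
}
/* Constructed sample blobs (not real signatures): a sha256 v2 record
 * carrying a 4-byte dummy payload, and the all-zero placeholder. */
static const unsigned char sample_signed[] = { 0x03, 0x02, 0x04, 0xde, 0xad,
    0xbe, 0xef, 0x00, 0x04, 0x11, 0x22, 0x33, 0x44 };
static const unsigned char sample_zero[13] = { 0 };
```

A blob that classifies as IMA_SIG_TRUNCATED or IMA_SIG_BAD_TYPE would still pass the zero-header test in the plugin, so a length check like this is a cheap extra guard before writing the xattr.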


_______________________________________________
Rpm-maint mailing list
[email protected]
http://lists.rpm.org/mailman/listinfo/rpm-maint
