Hi, > I have discovered one IMA related issue. > > IMA file hash is re-calculate if needed on file close. > > It works with ftruncate(fd, length) syscall, because it operates on > "opened" file. > Recalculation is happening on file close. > > truncate(path, length) syscall works with path and no file open/close > takes place. > Recalculation does not happen. > IMA denies file access later. > > It looks like vfs_truncate() should possibly call IMA to recalculate the > hash.
I have had the same issue in an integrity module I am working on to move the hash (and generally encryption) operations to a secure processor (e.g., TrustZone). After a discussion with Al Viro I was convinced that file_close is not the right place to associate a hook in order to recalculate the hash. I am now using the LSM hook associated with vfs_truncate to recalculate the hash and it seems to work good. I am still running some performance tests to calculate the overhead of attacking an operation here, so I don’t have data yet. Best, -------------------------------------------------/-- Javier González IT University of Copenhagen Rued Langgaards Vej 7, 2300 København S, Danmark Office: 4D23 http://javigon.com/ Skype: javigon.napster (+45)31376927 -------------------------------------------------/-- On 6 May 2014, at 15:32, Dmitry Kasatkin <d.kasat...@samsung.com> wrote: > Hi, > > I have discovered one IMA related issue. > > IMA file hash is re-calculate if needed on file close. > > It works with ftruncate(fd, length) syscall, because it operates on > "opened" file. > Recalculation is happening on file close. > > truncate(path, length) syscall works with path and no file open/close > takes place. > Recalculation does not happen. > IMA denies file access later. > > It looks like vfs_truncate() should possibly call IMA to recalculate the > hash. > > - Dmitry > > -- > To unsubscribe from this list: send the line "unsubscribe > linux-security-module" in > the body of a message to majord...@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html
signature.asc
Description: Message signed with OpenPGP using GPGMail