git.ipfire.org Git - people/arne_f/kernel.git/commit
evm: prohibit userspace writing 'security.evm' HMAC value
author Mimi Zohar <zohar@linux.vnet.ibm.com>
Sun, 11 May 2014 04:05:23 +0000 (00:05 -0400)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 26 Jun 2014 19:17:33 +0000 (15:17 -0400)
commit 05d659186c65f5c5d5d777ddb2d57594325965a8
tree 4b7e389b506d8b67fd9f5a23d2942aadf88edc01
parent 51678ceba9aafdd1b24e416b474813517866cff2
evm: prohibit userspace writing 'security.evm' HMAC value

commit 2fb1c9a4f2dbc2f0bd2431c7fa64d0b5483864e4 upstream.

Calculating the 'security.evm' HMAC value requires access to the
EVM encrypted key.  Only the kernel should have access to it.  This
patch prevents userspace tools (e.g. setfattr, cp --preserve=xattr)
from setting/modifying the 'security.evm' HMAC value directly.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
security/integrity/evm/evm_main.c
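
A user-space model of the kind of gate the commit message describes, treating the first byte of the 'security.evm' value as a type tag and refusing a userspace write unless it is a signature. This is an added example, not the patch's code: the helper name `evm_user_write_check`, the type-byte values, the error codes and the choice to let signature-type values through are assumptions.

```c
/* Added example: user-space model of a setxattr gate for security.evm. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define XATTR_NAME_EVM "security.evm"

/* First byte of the xattr value identifies its format (values assumed
 * from the kernel's security/integrity/integrity.h, not from this page). */
enum evm_ima_xattr_type {
    IMA_XATTR_DIGEST = 0x01,
    EVM_XATTR_HMAC,        /* 0x02: keyed HMAC, needs the EVM key */
    EVM_IMA_XATTR_DIGSIG   /* 0x03: asymmetric signature */
};

/* Hypothetical helper: returns 0 if a userspace write may proceed to any
 * remaining checks, or a negative errno if it must be refused. */
int evm_user_write_check(const char *name, const void *value, size_t len)
{
    const unsigned char *v = value;

    if (strcmp(name, XATTR_NAME_EVM) != 0)
        return 0;               /* other xattrs are not decided here */
    if (v == NULL || len == 0)
        return -EINVAL;         /* no type byte to inspect */
    if (v[0] != EVM_IMA_XATTR_DIGSIG)
        return -EPERM;          /* HMAC or unknown type from userspace */
    return 0;
}

int main(void)
{
    /* Constructed sample values: a type byte followed by zero padding. */
    const unsigned char hmac[21] = { EVM_XATTR_HMAC };
    const unsigned char sig[16]  = { EVM_IMA_XATTR_DIGSIG };

    printf("hmac   -> %d\n", evm_user_write_check(XATTR_NAME_EVM, hmac, sizeof hmac));
    printf("digsig -> %d\n", evm_user_write_check(XATTR_NAME_EVM, sig, sizeof sig));
    printf("empty  -> %d\n", evm_user_write_check(XATTR_NAME_EVM, "", 0));
    printf("other  -> %d\n", evm_user_write_check("user.comment", "x", 1));
    return 0;
}
```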