git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Roberto Sassu <roberto.sassu@huawei.com>
	Fri, 14 May 2021 15:27:44 +0000 (17:27 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Tue, 20 Jul 2021 14:15:42 +0000 (16:15 +0200)
commit	77c94b2a1deea733e2796a2da7b637c1afd0cdb8
tree	e4e6fee986c2a8afc6f54d705dffc2c2badf544d	tree
parent	2c6b7016754559b1ead8d61e8ac67728d960fbbd	commit \| diff

evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is loaded

commit 9acc89d31f0c94c8e573ed61f3e4340bbd526d0c upstream.

EVM_ALLOW_METADATA_WRITES is an EVM initialization flag that can be set to
temporarily disable metadata verification until all xattrs/attrs necessary
to verify an EVM portable signature are copied to the file. This flag is
cleared when EVM is initialized with an HMAC key, to avoid that the HMAC is
calculated on unverified xattrs/attrs.

Currently EVM unnecessarily denies setting this flag if EVM is initialized
with a public key, which is not a concern as it cannot be used to trust
xattrs/attrs updates. This patch removes this limitation.

Fixes: ae1ba1676b88e ("EVM: Allow userland to permit modification of EVM-protected metadata")
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Cc: stable@vger.kernel.org # 4.16.x
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Documentation/ABI/testing/evm		diff \| blob \| blame \| history
security/integrity/evm/evm_secfs.c		diff \| blob \| blame \| history