evm: prohibit userspace writing 'security.evm' HMAC value - linux-dev - Linux kernel development work

diff options

author	Mimi Zohar <zohar@linux.vnet.ibm.com>	2014-05-11 00:05:23 -0400
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>	2014-06-12 17:58:07 -0400
commit	2fb1c9a4f2dbc2f0bd2431c7fa64d0b5483864e4 (patch)
tree	e4a1c5fd8871eaba1b2bb0b65405d9cb0d4bd6f6 /security/integrity/ima/ima_crypto.c
parent	ima: check inode integrity cache in violation check (diff)
download	linux-dev-2fb1c9a4f2dbc2f0bd2431c7fa64d0b5483864e4.tar.xz linux-dev-2fb1c9a4f2dbc2f0bd2431c7fa64d0b5483864e4.zip

evm: prohibit userspace writing 'security.evm' HMAC value

Calculating the 'security.evm' HMAC value requires access to the EVM encrypted key. Only the kernel should have access to it. This patch prevents userspace tools(eg. setfattr, cp --preserve=xattr) from setting/modifying the 'security.evm' HMAC value directly. Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Cc: <stable@vger.kernel.org>

Diffstat (limited to 'security/integrity/ima/ima_crypto.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: