diff options
| author |   Sasha Levin <sasha.levin@oracle.com> | 2015-12-22 08:51:23 -0500 |
|---|---|---|
| committer |   Mimi Zohar <zohar@linux.vnet.ibm.com> | 2015-12-24 18:56:45 -0500 |
| commit | 0112721df4edbdd07b800813300d76811572f080 (patch) | |
| tree | 9ad07cfcfdd6aedb1c0764187b95646d05b83b1a /security/integrity/ima/ima_fs.c | |
| parent | security/integrity: make ima/ima_mok.c explicitly non-modular (diff) | |
| download | wireguard-linux-0112721df4edbdd07b800813300d76811572f080.tar.xz wireguard-linux-0112721df4edbdd07b800813300d76811572f080.zip | |
IMA: policy can be updated zero times
Commit "IMA: policy can now be updated multiple times" assumed that the
policy would be updated at least once.
If there are zero updates, the temporary list head object will get added
to the policy list, and later dereferenced as an IMA policy object, which
means that invalid memory will be accessed.
Changelog:
- Move list_empty() test to ima_release_policy(), before audit msg - Mimi
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity/ima/ima_fs.c')
| -rw-r--r-- | security/integrity/ima/ima_fs.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c index eebb985fd083..3caed6de610c 100644 --- a/security/integrity/ima/ima_fs.c +++ b/security/integrity/ima/ima_fs.c @@ -355,6 +355,11 @@ static int ima_release_policy(struct inode *inode, struct file *file) if ((file->f_flags & O_ACCMODE) == O_RDONLY) return 0; + if (valid_policy && ima_check_policy() < 0) { + cause = "failed"; + valid_policy = 0; + } + pr_info("IMA: policy update %s\n", cause); integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, NULL, "policy_update", cause, !valid_policy, 0); |