linux/security
Mimi Zohar cc293c8466 ima: define an init_module critical data record
The init_module syscall loads an ELF image into kernel space without
measuring the buffer containing the ELF image.  To close this kernel
module integrity gap, define a new critical-data record which includes
the hash of the ELF image.

Instead of including the buffer data in the IMA measurement list,
include the hash of the buffer data to avoid large IMA measurement
list records.  The buffer data hash would be the same value as the
finit_module syscall file hash.

To enable measuring the init_module buffer and other critical data from
boot, define "ima_policy=critical_data" on the boot command line.  Since
builtin policies are not persistent, a custom IMA policy must include
the rule as well: measure func=CRITICAL_DATA label=modules

To verify the template data hash value, first convert the buffer data
hash to binary:
grep "init_module" \
	/sys/kernel/security/integrity/ima/ascii_runtime_measurements | \
	tail -1 | cut -d' ' -f 6 | xxd -r -p | sha256sum

Reported-by: Ken Goldman <kgold@linux.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2024-04-08 07:55:48 -04:00
..
apparmor lsm: use 32-bit compatible data types in LSM syscalls 2024-03-14 11:31:26 -04:00
bpf lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
integrity ima: define an init_module critical data record 2024-04-08 07:55:48 -04:00
keys ima: Move to LSM infrastructure 2024-02-15 23:43:46 -05:00
landlock landlock: Use f_cred in security_file_open() hook 2024-03-08 18:22:16 +01:00
loadpin lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
lockdown LSM: Identify modules by more than name 2023-11-12 22:54:42 -05:00
safesetid lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
selinux selinux: avoid dereference of garbage after mount failure 2024-04-01 23:32:35 -04:00
smack lsm: use 32-bit compatible data types in LSM syscalls 2024-03-14 11:31:26 -04:00
tomoyo tomoyo: fix UAF write bug in tomoyo_write_control() 2024-03-01 11:14:00 -08:00
yama lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
commoncap.c lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
device_cgroup.c device_cgroup: Fix kernel-doc warnings in device_cgroup 2023-06-21 09:30:49 -04:00
inode.c security: convert to new timestamp accessors 2023-10-18 14:08:31 +02:00
Kconfig fortify: drop Clang version check for 12.0.1 or newer 2024-02-22 15:38:54 -08:00
Kconfig.hardening hardening: Move BUG_ON_DATA_CORRUPTION to hardening options 2023-08-15 14:57:25 -07:00
lsm_audit.c lsm: fix a number of misspellings 2023-05-25 17:52:15 -04:00
lsm_syscalls.c lsm: use 32-bit compatible data types in LSM syscalls 2024-03-14 11:31:26 -04:00
Makefile LSM: syscalls for current process attributes 2023-11-12 22:54:42 -05:00
min_addr.c sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
security.c security: Place security_path_post_mknod() where the original IMA call was 2024-04-03 10:21:32 -07:00