evm: prohibit userspace writing 'security.evm' HMAC value
author Mimi Zohar <zohar@linux.vnet.ibm.com>
Sun, 11 May 2014 04:05:23 +0000 (00:05 -0400)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 26 Jun 2014 19:15:38 +0000 (15:15 -0400)
commit 73b49c736fefb5f772e13df33c44356e42e18e0b
tree 4c5d98c39f6a3f96010a6df31c289d60f8cbe1e2
parent a3af538e0c6af0b6d1ab8da37b1b6796300b6c2e
evm: prohibit userspace writing 'security.evm' HMAC value

commit 2fb1c9a4f2dbc2f0bd2431c7fa64d0b5483864e4 upstream.

Calculating the 'security.evm' HMAC value requires access to the
EVM encrypted key.  Only the kernel should have access to it.  This
patch prevents userspace tools (e.g. setfattr, cp --preserve=xattr)
from setting/modifying the 'security.evm' HMAC value directly.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
security/integrity/evm/evm_main.c
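
The rule the commit message describes, modelled in userspace C as an added example (this is not the patch and not kernel code). The function name, the `XTYPE_*` names and the sample values are hypothetical; the numeric type bytes are assumed to match the kernel's `enum evm_ima_xattr_type`, and returning `-EINVAL` for an empty value is this model's own choice.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define EVM_NAME "security.evm"

/* First byte of the xattr value selects its format. Values assumed to match
 * the kernel's enum evm_ima_xattr_type; the names here are hypothetical. */
enum { XTYPE_IMA_DIGEST = 0x01, XTYPE_EVM_HMAC = 0x02, XTYPE_EVM_DIGSIG = 0x03 };

/* Userspace model of the write gate: 0 = not refused by this rule,
 * -EPERM = caller tried to supply an HMAC-type security.evm value,
 * -EINVAL = security.evm write with no type byte to inspect (model's choice). */
int evm_setxattr_gate(const char *name, const void *value, size_t len)
{
    if (name == NULL)
        return -EINVAL;
    if (strcmp(name, EVM_NAME) != 0)
        return 0;                       /* other xattrs: rule does not apply */
    if (value == NULL || len == 0)
        return -EINVAL;                 /* never read a type byte that is not there */
    if (((const unsigned char *)value)[0] == XTYPE_EVM_HMAC)
        return -EPERM;                  /* only the kernel holds the EVM key */
    return 0;                           /* e.g. a signature-type value */
}

/* Constructed sample values: a type byte followed by filler, not real data. */
const unsigned char sample_hmac[]   = { XTYPE_EVM_HMAC,   0xaa, 0xbb, 0xcc };
const unsigned char sample_digsig[] = { XTYPE_EVM_DIGSIG, 0x11, 0x22, 0x33 };

int main(void)
{
    printf("hmac write    -> %d\n", evm_setxattr_gate(EVM_NAME, sample_hmac, sizeof sample_hmac));
    printf("digsig write  -> %d\n", evm_setxattr_gate(EVM_NAME, sample_digsig, sizeof sample_digsig));
    printf("empty write   -> %d\n", evm_setxattr_gate(EVM_NAME, sample_hmac, 0));
    printf("other xattr   -> %d\n", evm_setxattr_gate("user.note", sample_hmac, sizeof sample_hmac));
    return 0;
}
```

The same first-byte check is what a userspace audit would apply to a value read back from a file to tell a kernel-computed HMAC from a signature.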