projects / platform / kernel / linux-stable.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8b46db3) | patch
evm: prohibit userspace writing 'security.evm' HMAC value
authorMimi Zohar <zohar@linux.vnet.ibm.com>
Sun, 11 May 2014 04:05:23 +0000 (00:05 -0400)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 26 Jun 2014 19:12:37 +0000 (15:12 -0400)
commitbb7f9e5c384dbd4a1548a12c1e49d8bbfa3913a8
tree45aeeabb1baa6eb15ce22f4b1607d3573012a91ctree | snapshot
parent8b46db3abbe22919d249e26c26178d70f19b8262commit | diff
evm: prohibit userspace writing 'security.evm' HMAC value

commit 2fb1c9a4f2dbc2f0bd2431c7fa64d0b5483864e4 upstream.

Calculating the 'security.evm' HMAC value requires access to the
EVM encrypted key.  Only the kernel should have access to it.  This
patch prevents userspace tools(eg. setfattr, cp --preserve=xattr)
from setting/modifying the 'security.evm' HMAC value directly.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
security/integrity/evm/evm_main.c diff | blob | history
Domain: System / Kernel;