]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d855b30) | patch
evm: prohibit userspace writing 'security.evm' HMAC value
authorMimi Zohar <zohar@linux.vnet.ibm.com>
Sun, 11 May 2014 04:05:23 +0000 (00:05 -0400)
committerMimi Zohar <zohar@linux.vnet.ibm.com>
Thu, 12 Jun 2014 21:58:07 +0000 (17:58 -0400)
commit8994f9d919e58127a100ec947ddd863edf9ef786
treee4a1c5fd8871eaba1b2bb0b65405d9cb0d4bd6f6tree | snapshot
parentd855b30848555f899e9709af19c645eed6879722commit | diff
evm: prohibit userspace writing 'security.evm' HMAC value

Calculating the 'security.evm' HMAC value requires access to the
EVM encrypted key.  Only the kernel should have access to it.  This
patch prevents userspace tools(eg. setfattr, cp --preserve=xattr)
from setting/modifying the 'security.evm' HMAC value directly.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: <stable@vger.kernel.org>
security/integrity/evm/evm_main.c diff | blob | history
Linux Kernel Source Tree.