git.baikalelectronics.ru Git - kernel.git/commit

]> git.baikalelectronics.ru Git - kernel.git/commit

author	Mimi Zohar <zohar@linux.vnet.ibm.com>
	Sun, 11 May 2014 04:05:23 +0000 (00:05 -0400)
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>
	Thu, 12 Jun 2014 21:58:07 +0000 (17:58 -0400)
commit	9eec3fba21c639352e93aae7e0d66b2d26ae957c
tree	e4a1c5fd8871eaba1b2bb0b65405d9cb0d4bd6f6	tree \| snapshot
parent	0e5c46bace5579e6ad9ec226ca40ed75050ef155	commit \| diff

evm: prohibit userspace writing 'security.evm' HMAC value

Calculating the 'security.evm' HMAC value requires access to the
EVM encrypted key. Only the kernel should have access to it. This
patch prevents userspace tools(eg. setfattr, cp --preserve=xattr)
from setting/modifying the 'security.evm' HMAC value directly.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: <stable@vger.kernel.org>

security/integrity/evm/evm_main.c

diff | blob | history

Linux Kernel Source Tree.

RSS Atom