WSL2-Linux-Kernel/security
GUO Zihua 3892794a18 ima: remove the IMA_TEMPLATE Kconfig option
commit 891163adf1 upstream.

The original 'ima' measurement list template contains a hash, defined
as 20 bytes, and a null terminated pathname, limited to 255
characters.  Other measurement list templates permit both larger hashes
and longer pathnames.  When the "ima" template is configured as the
default, a new measurement list template (ima_template=) must be
specified before specifying a larger hash algorithm (ima_hash=) on the
boot command line.

To avoid this boot command line ordering issue, remove the legacy "ima"
template configuration option, allowing it to still be specified on the
boot command line.

The root cause of this issue is that during the processing of ima_hash,
we would try to check whether the hash algorithm is compatible with the
template. If the template is not set at the moment we do the check, we
check the algorithm against the configured default template. If the
default template is "ima", then we reject any hash algorithm other than
sha1 and md5.

For example, if the compiled default template is "ima", and the default
algorithm is sha1 (which is the current default). In the cmdline, we put
in "ima_hash=sha256 ima_template=ima-ng". The expected behavior would be
that ima starts with ima-ng as the template and sha256 as the hash
algorithm. However, during the processing of "ima_hash=",
"ima_template=" has not been processed yet, and hash_setup would check
the configured hash algorithm against the compiled default: ima, and
reject sha256. So at the end, the hash algorithm that is actually used
will be sha1.

With template "ima" removed from the configured default, we ensure that
the default tempalte would at least be "ima-ng" which allows for
basically any hash algorithm.

This change would not break the algorithm compatibility checks for IMA.

Fixes: 4286587dcc ("ima: add Kconfig default measurement list template")
Signed-off-by: GUO Zihua <guozihua@huawei.com>
Cc: <Stable@vger.kernel.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-06-09 10:23:25 +02:00
..
apparmor apparmor: fix error check 2021-11-18 19:16:58 +01:00
bpf bpf: Implement task local storage 2020-11-06 08:08:37 -08:00
integrity ima: remove the IMA_TEMPLATE Kconfig option 2022-06-09 10:23:25 +02:00
keys KEYS: trusted: Avoid calling null function trusted_key_exit 2022-04-08 14:23:09 +02:00
landlock landlock: Fix same-layer rule unions 2022-06-09 10:23:24 +02:00
loadpin LSM: Add "contents" flag to kernel_read_file hook 2020-10-05 13:37:03 +02:00
lockdown Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2020-06-02 17:36:24 -07:00
safesetid LSM: SafeSetID: Mark safesetid_initialized as __initdata 2021-06-10 09:52:32 -07:00
selinux selinux: fix bad cleanup on error in hashtab_duplicate() 2022-05-25 09:57:27 +02:00
smack Fix incorrect type in assignment of ipv6 port for audit 2022-04-08 14:23:55 +02:00
tomoyo TOMOYO: fix __setup handlers return values 2022-04-08 14:23:35 +02:00
yama task_work: cleanup notification modes 2020-10-17 15:05:30 -06:00
Kconfig fortify: Explicitly disable Clang support 2021-11-21 13:44:13 +01:00
Kconfig.hardening hardening: Clarify Kconfig text for auto-var-init 2021-07-20 23:02:59 -07:00
Makefile security: remove unneeded subdir-$(CONFIG_...) 2021-09-03 08:17:20 +09:00
commoncap.c Miscellaneous minor fixes for v5.13. 2021-04-27 19:32:55 -07:00
device_cgroup.c device_cgroup: Fix RCU list debugging warning 2020-08-20 11:25:03 -07:00
inode.c Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
lsm_audit.c audit: remove unnecessary 'ret' initialization 2021-06-11 13:21:28 -04:00
min_addr.c sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
security.c lockdown: also lock down previous kgdb use 2022-05-25 09:57:37 +02:00