projects / unionfs-2.6.39.y.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7f53dae) | patch
evm: prohibit userspace writing 'security.evm' HMAC value
authorMimi Zohar <zohar@linux.vnet.ibm.com>
Sun, 11 May 2014 04:05:23 +0000 (00:05 -0400)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 26 Jun 2014 19:10:28 +0000 (15:10 -0400)
commit12a38b8f1dd7c65d01aa4c759f29a700c194ecec
tree60c9629330a2feb612a024f14847fa23243626d0tree | snapshot
parent7f53daea4dd53f43dd10ac24f752f74063abe4facommit | diff
evm: prohibit userspace writing 'security.evm' HMAC value

commit 2fb1c9a4f2dbc2f0bd2431c7fa64d0b5483864e4 upstream.

Calculating the 'security.evm' HMAC value requires access to the
EVM encrypted key.  Only the kernel should have access to it.  This
patch prevents userspace tools(eg. setfattr, cp --preserve=xattr)
from setting/modifying the 'security.evm' HMAC value directly.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
security/integrity/evm/evm_main.c diff | blob | history
unionfs2-2.6.39.y