evm: prohibit userspace writing 'security.evm' HMAC value
author Mimi Zohar <zohar@linux.vnet.ibm.com>
Sun, 11 May 2014 04:05:23 +0000 (00:05 -0400)
committer Jiri Slaby <jslaby@suse.cz>
Mon, 23 Jun 2014 08:27:54 +0000 (10:27 +0200)
commit f422f975187e23c15cf8be951490623428659eba
tree 8934bd6841bb58af366f6d6b0cfc4fd6671c3515
parent 4a3802293bfe49344739ff355d9d9f0514f31e19
evm: prohibit userspace writing 'security.evm' HMAC value

commit 2fb1c9a4f2dbc2f0bd2431c7fa64d0b5483864e4 upstream.

Calculating the 'security.evm' HMAC value requires access to the
EVM encrypted key.  Only the kernel should have access to it.  This
patch prevents userspace tools (e.g. setfattr, cp --preserve=xattr)
from setting/modifying the 'security.evm' HMAC value directly.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
security/integrity/evm/evm_main.c
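
The write gate the commit message describes, as an added userspace model in C; it is not the kernel patch and not code from this page. The type-byte constants, the names `evm_setxattr_gate` and `copy_xattrs`, the `-EINVAL` result for an empty value, and the sample attributes are assumptions made for the illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed constants (not shown on the page): the first byte of a
 * security.evm value names its type, HMAC or digital signature. */
#define XATTR_NAME_EVM       "security.evm"
#define EVM_XATTR_HMAC       0x02
#define EVM_IMA_XATTR_DIGSIG 0x03

struct xattr { const char *name; const unsigned char *value; size_t len; };

/* Hypothetical model of the write gate: 0 = allowed, negative errno = refused. */
int evm_setxattr_gate(const char *name, const unsigned char *value, size_t len)
{
    if (strcmp(name, XATTR_NAME_EVM) != 0)
        return 0;                 /* not security.evm: outside this gate */
    if (value == NULL || len == 0)
        return -EINVAL;           /* no type byte; never read value[0] */
    if (value[0] == EVM_XATTR_HMAC)
        return -EPERM;            /* an HMAC needs the EVM key, which userspace lacks */
    return 0;                     /* other types are not refused here */
}

/* Models an xattr-preserving copy: returns how many attributes the gate refused. */
int copy_xattrs(const struct xattr *src, size_t n)
{
    int refused = 0;
    for (size_t i = 0; i < n; i++) {
        int rc = evm_setxattr_gate(src[i].name, src[i].value, src[i].len);
        printf("%-14s -> %s\n", src[i].name, rc ? strerror(-rc) : "copied");
        refused += (rc != 0);
    }
    return refused;
}

int main(void)
{
    /* Constructed sample values: type byte followed by zero padding. */
    static const unsigned char hmac[21] = { EVM_XATTR_HMAC };
    static const unsigned char label[]  = "demo_label";
    const struct xattr src[] = {
        { "security.demo", label, sizeof label },
        { XATTR_NAME_EVM,  hmac,  sizeof hmac  },
    };
    return copy_xattrs(src, 2) == 1 ? 0 : 1;
}
```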