[PATCH 0/1] ima: check control characters in policy path

Tianxing Zhang anakinzhang96 at gmail.com
Sat Aug 14 08:13:55 UTC 2021


IMA policy can be updated with /sys/kernel/security/ima/policy interface when
CONFIG_IMA_WRITE_POLICY is set. However, kernel does not check the file path
carefully. It only checks if the path has '/' prefix.

When a policy file path contains control characters like '\r' or '\b',
invalid error messages can be printed to overwrite system messages.

For example:

$ echo -e "/\rtest invalid path: ddddddddddddddddddddd" > /sys/kernel/security/ima/policy
$ dmesg
test invalid path: ddddddddddddddddddddd (-2) 

After adding this patch, we'll be able to throw out error message:

$ echo -e "/\rtest invalid path: ddddddddddddddddddddd" > /sys/kernel/security/ima/policy
-bash: echo: write error: Invalid argument
$ dmesg
[   11.684004] ima: invalid path (control characters are not allowed)
[   11.684071] ima: policy update failed

Any suggestions would be appreciated, thank you.

Tianxing Zhang (1):
  ima: check control characters in policy file path

 security/integrity/ima/ima_fs.c | 9 +++++++++
 1 file changed, 9 insertions(+)


More information about the Linux-security-module-archive mailing list