[PATCH 0/1] ima: check control characters in policy path
Tianxing Zhang
anakinzhang96 at gmail.com
Sat Aug 14 08:13:55 UTC 2021
Hi,
IMA policy can be updated with /sys/kernel/security/ima/policy interface when
CONFIG_IMA_WRITE_POLICY is set. However, kernel does not check the file path
carefully. It only checks if the path has '/' prefix.
When a policy file path contains control characters like '\r' or '\b',
invalid error messages can be printed to overwrite system messages.
For example:
$ echo -e "/\rtest invalid path: ddddddddddddddddddddd" > /sys/kernel/security/ima/policy
$ dmesg
test invalid path: ddddddddddddddddddddd (-2)
After adding this patch, we'll be able to throw out error message:
$ echo -e "/\rtest invalid path: ddddddddddddddddddddd" > /sys/kernel/security/ima/policy
-bash: echo: write error: Invalid argument
$ dmesg
[ 11.684004] ima: invalid path (control characters are not allowed)
[ 11.684071] ima: policy update failed
Any suggestions would be appreciated, thank you.
Tianxing Zhang (1):
ima: check control characters in policy file path
security/integrity/ima/ima_fs.c | 9 +++++++++
1 file changed, 9 insertions(+)
--
2.25.1
More information about the Linux-security-module-archive
mailing list