mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/security/integrity
History
Eric Snowberg f67ff524f2 lockdown: Fix kexec lockdown bypass with ima policy 
commit 543ce63b66 upstream.

The lockdown LSM is primarily used in conjunction with UEFI Secure Boot.
This LSM may also be used on machines without UEFI.  It can also be
enabled when UEFI Secure Boot is disabled.  One of lockdown's features
is to prevent kexec from loading untrusted kernels.  Lockdown can be
enabled through a bootparam or after the kernel has booted through
securityfs.

If IMA appraisal is used with the "ima_appraise=log" boot param,
lockdown can be defeated with kexec on any machine when Secure Boot is
disabled or unavailable.  IMA prevents setting "ima_appraise=log" from
the boot param when Secure Boot is enabled, but this does not cover
cases where lockdown is used without Secure Boot.

To defeat lockdown, boot without Secure Boot and add ima_appraise=log to
the kernel command line; then:

  $ echo "integrity" > /sys/kernel/security/lockdown
  $ echo "appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig" > \
    /sys/kernel/security/ima/policy
  $ kexec -ls unsigned-kernel

Add a call to verify ima appraisal is set to "enforce" whenever lockdown
is enabled.  This fixes CVE-2022-21505.

Cc: stable@vger.kernel.org
Fixes: 29d3c1c8df ("kexec: Allow kexec_file() with appropriate IMA policy when locked down")
Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
Acked-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: John Haxby <john.haxby@oracle.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2022-07-29 17:27:55 +02:00
..
evm Revert "evm: Fix memleak in init_desc" 2022-07-22 10:21:22 +02:00
ima lockdown: Fix kexec lockdown bypass with ima policy 2022-07-29 17:27:55 +02:00
platform_certs efi: Do not import certificates from UEFI Secure Boot for T2 Macs 2022-06-09 10:30:41 +02:00
Kconfig integrity: Introduce a Linux keyring called machine 2022-03-08 13:55:52 +02:00
Makefile integrity: Introduce a Linux keyring called machine 2022-03-08 13:55:52 +02:00
digsig.c integrity: Only use machine keyring when uefi_check_trust_mok_keys is true 2022-03-08 13:55:52 +02:00
digsig_asymmetric.c ima: fix reference leak in asymmetric_verify() 2022-01-24 18:37:36 -05:00
iint.c evm: Load EVM key in ima_load_x509() to avoid appraisal 2021-05-21 12:47:04 -04:00
integrity.h integrity-v5.18 2022-03-21 20:44:37 -07:00
integrity_audit.c integrity: check the return value of audit_log_start() 2022-02-02 11:44:23 -05:00