mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/security/integrity
History
Randy Dunlap 997eaae6df EVM: fix the evm= __setup handler return value 
[ Upstream commit f2544f5e6c ]

__setup() handlers should return 1 if the parameter is handled.
Returning 0 causes the entire string to be added to init's
environment strings (limited to 32 strings), unnecessarily polluting it.

Using the documented string "evm=fix" causes an Unknown parameter message:
  Unknown kernel command line parameters
  "BOOT_IMAGE=/boot/bzImage-517rc5 evm=fix", will be passed to user space.

and that string is added to init's environment string space:
  Run /sbin/init as init process
    with arguments:
     /sbin/init
    with environment:
     HOME=/
     TERM=linux
     BOOT_IMAGE=/boot/bzImage-517rc5
     evm=fix

With this change, using "evm=fix" acts as expected and an invalid
option ("evm=evm") causes a warning to be printed:
  evm: invalid "evm" mode
but init's environment is not polluted with this string, as expected.

Fixes: 7102ebcd65 ("evm: permit only valid security.evm xattrs to be updated")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: Igor Zhbanov <i.zhbanov@omprussia.ru>
Link: lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2022-04-08 13:57:35 +02:00
..
evm EVM: fix the evm= __setup handler return value 2022-04-08 13:57:35 +02:00
ima ima: Do not print policy rule with inactive LSM labels 2022-02-02 11:59:54 -05:00
platform_certs integrity: Do not load MOK and MOKx when secure boot be disabled 2021-12-24 10:25:24 -05:00
Kconfig powerpc: Load firmware trusted keys/hashes into kernel keyring 2019-11-13 00:33:23 +11:00
Makefile powerpc: Load firmware trusted keys/hashes into kernel keyring 2019-11-13 00:33:23 +11:00
digsig.c ima: enable loading of build time generated key on .ima keyring 2021-04-09 10:40:20 -04:00
digsig_asymmetric.c ima: fix reference leak in asymmetric_verify() 2022-01-24 18:37:36 -05:00
iint.c evm: Load EVM key in ima_load_x509() to avoid appraisal 2021-05-21 12:47:04 -04:00
integrity.h crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20 14:45:33 +11:00
integrity_audit.c integrity: check the return value of audit_log_start() 2022-02-02 11:44:23 -05:00