evm: prohibit userspace writing 'security.evm' HMAC value
author: Mimi Zohar <zohar@linux.vnet.ibm.com>
Sun, 11 May 2014 04:05:23 +0000 (00:05 -0400)
committer: Ben Hutchings <ben@decadent.org.uk>
Fri, 11 Jul 2014 12:33:50 +0000 (13:33 +0100)
commit: 0d2b9938c49c716b35409aefee188e8c0b95d537
tree: 5f52a2445762d498686b1b207e4b3c70641ef004
parent: 335a4d5ba599428c32e6bdf726cd7f20553220a9
evm: prohibit userspace writing 'security.evm' HMAC value

commit 2fb1c9a4f2dbc2f0bd2431c7fa64d0b5483864e4 upstream.

Calculating the 'security.evm' HMAC value requires access to the
EVM encrypted key.  Only the kernel should have access to it.  This
patch prevents userspace tools (e.g. setfattr, cp --preserve=xattr)
from setting/modifying the 'security.evm' HMAC value directly.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
security/integrity/evm/evm_main.c
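As an added illustration, not code from this patch or from the kernel tree: a small Python checker that classifies a raw 'security.evm' value by its leading type byte and mirrors the policy the commit message describes (an HMAC-type label is kernel-only, a signature-type label may still be written from userspace). The type-byte constants are assumed from the kernel's integrity headers, not taken from this page, and the sample values are constructed.

```python
import errno
import os

# Leading type byte of every 'security.evm' value (enum evm_ima_xattr_type).
# Values assumed from the kernel's integrity headers; not stated on this page.
EVM_XATTR_HMAC = 2          # HMAC over the protected xattrs, keyed by the EVM key
EVM_IMA_XATTR_DIGSIG = 3    # digital signature; verifiable without the EVM key
SHA1_DIGEST_LEN = 20        # HMAC-SHA1 digest length used by EVM at the time

def classify_evm_xattr(value: bytes) -> str:
    """Classify a raw 'security.evm' blob: 'hmac', 'digsig', 'malformed' or 'unknown'."""
    if not value:
        return "malformed"
    xtype = value[0]
    if xtype == EVM_XATTR_HMAC:
        # type byte + fixed-size digest; anything else is not a well-formed HMAC label
        return "hmac" if len(value) == 1 + SHA1_DIGEST_LEN else "malformed"
    if xtype == EVM_IMA_XATTR_DIGSIG:
        return "digsig" if len(value) > 1 else "malformed"
    return "unknown"

def userspace_write_allowed(value: bytes) -> bool:
    """Policy from the commit message: only a signature-type value may be set by
    userspace; an HMAC value must be computed and written by the kernel."""
    return classify_evm_xattr(value) == "digsig"

def audit_evm_labels(paths):
    """Report, per file, which kind of EVM label it carries. Files reported as
    'hmac' cannot have their label copied verbatim by tools such as
    cp --preserve=xattr on a kernel with this patch. Linux-only (os.getxattr)."""
    report = {}
    for path in paths:
        try:
            value = os.getxattr(path, "security.evm")
        except OSError as e:
            if e.errno in (errno.ENODATA, errno.ENOTSUP):
                report[path] = "unlabelled"
                continue
            raise
        report[path] = classify_evm_xattr(value)
    return report

# Constructed sample values (not real labels from any system).
SAMPLE_HMAC = bytes([EVM_XATTR_HMAC]) + bytes(range(SHA1_DIGEST_LEN))
SAMPLE_DIGSIG = bytes([EVM_IMA_XATTR_DIGSIG]) + b"\x02\x04" + b"\x00" * 8 + b"\xaa" * 16
SAMPLE_TRUNCATED_HMAC = bytes([EVM_XATTR_HMAC]) + b"\x11" * 5
```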