git.openpandora.org / pandora-kernel.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 335a4d5)
evm: prohibit userspace writing 'security.evm' HMAC value
authorMimi Zohar <zohar@linux.vnet.ibm.com>
Sun, 11 May 2014 04:05:23 +0000 (00:05 -0400)
committerBen Hutchings <ben@decadent.org.uk>
Fri, 11 Jul 2014 12:33:50 +0000 (13:33 +0100)
commit 2fb1c9a4f2dbc2f0bd2431c7fa64d0b5483864e4 upstream.

Calculating the 'security.evm' HMAC value requires access to the
EVM encrypted key.  Only the kernel should have access to it.  This
patch prevents userspace tools(eg. setfattr, cp --preserve=xattr)
from setting/modifying the 'security.evm' HMAC value directly.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
security/integrity/evm/evm_main.c patch | blob | history

diff --cc security/integrity/evm/evm_main.c
Simple merge
Pandora Kernel Repository