[PATCH 4 of 4] ima: module measure extension

• Previous message: Reiner Sailer: "[PATCH 3 of 4] ima: Linux Security Module implementation"
• Next in thread: Greg KH: "Re: [PATCH 4 of 4] ima: module measure extension"
• Reply: Greg KH: "Re: [PATCH 4 of 4] ima: module measure extension"
• Reply: Reiner Sailer: "Re: [PATCH 4 of 4] ima: module measure extension"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This is the 4th of 4 patches that constitute the IBM Integrity
Measurement Architecture (IMA). This patch includes a small additional
hook that measures kernel modules before they are relocated. LSM does
not offer a proper hook for this.

This patch applies to the clean 2.6.12-rc4 test kernel.

Signed-off-by: Reiner Sailer <sailer@private>
---
diff -uprN linux-2.6.12-rc4/include/linux/ima_module.h linux-2.6.12-rc4-ima/include/linux/ima_module.h
--- linux-2.6.12-rc4/include/linux/ima_module.h	1969-12-31 19:00:00.000000000 -0500
+++ linux-2.6.12-rc4-ima/include/linux/ima_module.h	2005-05-19 17:59:19.000000000 -0400
@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) 2005 IBM Corporation
+ *
+ * Authors:
+ * Reiner Sailer <sailer@private>
+ *
+ * Maintained by: TBD
+ *
+ * LSM IBM Integrity Measurement Architecture.		  
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ *
+ * File: ima_module.h
+ *             define modules measurement hook (no LSM hook) to measure
+ *             modules before they are relocated
+ */
+#ifdef CONFIG_IMA_MEASURE
+extern int ima_terminating;
+extern void measure_kernel_module(void *start, unsigned long len, void *uargs);
+
+static inline void ima_measure_module(void *start, unsigned long len, void *uargs)
+{
+	if (!ima_terminating)
+		measure_kernel_module(start, len, uargs);
+}
+#else
+static inline void ima_measure_module(void *start, unsigned long len, void *uargs)
+{
+}
+#endif
diff -uprN linux-2.6.12-rc4/kernel/module.c linux-2.6.12-rc4-ima/kernel/module.c
--- linux-2.6.12-rc4/kernel/module.c	2005-05-07 01:20:31.000000000 -0400
+++ linux-2.6.12-rc4-ima/kernel/module.c	2005-05-19 17:59:19.000000000 -0400
@@ -38,6 +38,7 @@
 #include <asm/uaccess.h>
 #include <asm/semaphore.h>
 #include <asm/cacheflush.h>
+#include <linux/ima_module.h>
 
 #if 0
 #define DEBUGP printk
@@ -1441,6 +1442,8 @@ static struct module *load_module(void _
 	if (len < hdr->e_shoff + hdr->e_shnum * sizeof(Elf_Shdr))
 		goto truncated;
 
+	ima_measure_module((void *)hdr, len, (void *)uargs);
+
 	/* Convenience variables */
 	sechdrs = (void *)hdr + hdr->e_shoff;
 	secstrings = (void *)hdr + sechdrs[hdr->e_shstrndx].sh_offset;

• Previous message: Reiner Sailer: "[PATCH 3 of 4] ima: Linux Security Module implementation"
• Next in thread: Greg KH: "Re: [PATCH 4 of 4] ima: module measure extension"
• Reply: Greg KH: "Re: [PATCH 4 of 4] ima: module measure extension"
• Reply: Reiner Sailer: "Re: [PATCH 4 of 4] ima: module measure extension"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Fri May 20 2005 - 11:21:47 PDT