mirror of
https://github.com/systemd/systemd.git
synced 2024-12-25 01:34:28 +03:00
journalctl: verify that old entries are not sealed with too recent key (#28885)
When verifying seals produced with forward secure sealing, the verification currently does not check that old entries are only sealed with the key for their epoch and not a more recent one. This missing check allows an attacker to remove seals, and create new ones with the currently available key, and verify will claim everything is in order, although all entries could have been modified. This resolves CVE-2023-31439. Co-authored-by: Felix Dörre <felix.doerre@kit.edu>
This commit is contained in:
parent
09ff0aadf9
commit
3846d3aa29
@ -819,6 +819,7 @@ int journal_file_verify(
|
||||
uint64_t p = 0, last_epoch = 0, last_tag_realtime = 0, last_sealed_realtime = 0;
|
||||
|
||||
uint64_t entry_seqnum = 0, entry_monotonic = 0, entry_realtime = 0;
|
||||
usec_t min_entry_realtime = USEC_INFINITY, max_entry_realtime = 0;
|
||||
sd_id128_t entry_boot_id = {}; /* Unnecessary initialization to appease gcc */
|
||||
bool entry_seqnum_set = false, entry_monotonic_set = false, entry_realtime_set = false, found_main_entry_array = false;
|
||||
uint64_t n_objects = 0, n_entries = 0, n_data = 0, n_fields = 0, n_data_hash_tables = 0, n_field_hash_tables = 0, n_entry_arrays = 0, n_tags = 0;
|
||||
@ -1070,6 +1071,9 @@ int journal_file_verify(
|
||||
entry_realtime = le64toh(o->entry.realtime);
|
||||
entry_realtime_set = true;
|
||||
|
||||
max_entry_realtime = MAX(max_entry_realtime, le64toh(o->entry.realtime));
|
||||
min_entry_realtime = MIN(min_entry_realtime, le64toh(o->entry.realtime));
|
||||
|
||||
n_entries++;
|
||||
break;
|
||||
|
||||
@ -1135,12 +1139,13 @@ int journal_file_verify(
|
||||
|
||||
#if HAVE_GCRYPT
|
||||
if (JOURNAL_HEADER_SEALED(f->header)) {
|
||||
uint64_t q, rt;
|
||||
uint64_t q, rt, rt_end;
|
||||
|
||||
debug(p, "Checking tag %"PRIu64"...", le64toh(o->tag.seqnum));
|
||||
|
||||
rt = f->fss_start_usec + le64toh(o->tag.epoch) * f->fss_interval_usec;
|
||||
if (entry_realtime_set && entry_realtime >= rt + f->fss_interval_usec) {
|
||||
rt_end = usec_add(rt, f->fss_interval_usec);
|
||||
if (entry_realtime_set && entry_realtime >= rt_end) {
|
||||
error(p,
|
||||
"tag/entry realtime timestamp out of synchronization (%"PRIu64" >= %"PRIu64")",
|
||||
entry_realtime,
|
||||
@ -1148,6 +1153,23 @@ int journal_file_verify(
|
||||
r = -EBADMSG;
|
||||
goto fail;
|
||||
}
|
||||
if (max_entry_realtime >= rt_end) {
|
||||
error(p,
|
||||
"Entry realtime (%"PRIu64", %s) is too late with respect to tag (%"PRIu64", %s)",
|
||||
max_entry_realtime, FORMAT_TIMESTAMP(max_entry_realtime),
|
||||
rt_end, FORMAT_TIMESTAMP(rt_end));
|
||||
r = -EBADMSG;
|
||||
goto fail;
|
||||
}
|
||||
if (min_entry_realtime < rt) {
|
||||
error(p,
|
||||
"Entry realtime (%"PRIu64", %s) is too early with respect to tag (%"PRIu64", %s)",
|
||||
min_entry_realtime, FORMAT_TIMESTAMP(min_entry_realtime),
|
||||
rt, FORMAT_TIMESTAMP(rt));
|
||||
r = -EBADMSG;
|
||||
goto fail;
|
||||
}
|
||||
min_entry_realtime = USEC_INFINITY;
|
||||
|
||||
/* OK, now we know the epoch. So let's now set
|
||||
* it, and calculate the HMAC for everything
|
||||
|
Loading…
Reference in New Issue
Block a user