lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1363379758-10071-1-git-send-email-vgoyal@redhat.com>
Date:	Fri, 15 Mar 2013 16:35:54 -0400
From:	Vivek Goyal <vgoyal@...hat.com>
To:	linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org, zohar@...ux.vnet.ibm.com,
	dmitry.kasatkin@...el.com
Cc:	akpm@...ux-foundation.org, ebiederm@...ssion.com, vgoyal@...hat.com
Subject: [RFC PATCH 0/4] IMA: Export functions for file integrity verification

Hi,

This is just a proof of concept RFC to export some functions from IMA for
file integrity verification. And there is a patch which modified binfmt_elf.c
to show how a IMA subsystem user can call into IMA to verify integrity
of a file.

This patch set is far from being done. I am just throwing it out so that
we can start a discussion on whether exporting IMA functions makes sense
and if it does, then how those functions should look like.

Thanks
Vivek

Vivek Goyal (4):
  integrity: Identify asymmetric digital signature using new type
  ima: export new IMA functions for signature verification
  capability: Create a new capability CAP_SIGNED
  binfmt_elf: Elf executable signature verification

 fs/Kconfig.binfmt                     |   12 ++++++++
 fs/binfmt_elf.c                       |   44 +++++++++++++++++++++++++++++++
 include/linux/ima.h                   |   24 ++++++++++++++++-
 include/linux/integrity.h             |    7 +++++
 include/uapi/linux/capability.h       |   12 ++++++++-
 kernel/cred.c                         |    7 +++++
 security/commoncap.c                  |    2 +
 security/integrity/digsig.c           |   11 +++++---
 security/integrity/evm/evm_main.c     |    4 ++-
 security/integrity/ima/ima_api.c      |   16 +++++++++++
 security/integrity/ima/ima_appraise.c |   46 +++++++++++++++++++++++++++++++-
 security/integrity/integrity.h        |   14 +++------
 12 files changed, 181 insertions(+), 18 deletions(-)

-- 
1.7.7.6

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ