lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 11 Jan 2018 20:51:48 +0100 From: Dongsu Park <dongsu@...volk.io> To: linux-kernel@...r.kernel.org Cc: Alban Crequy <alban@...volk.io>, Miklos Szeredi <miklos@...redi.hu>, Mimi Zohar <zohar@...ux.vnet.ibm.com>, Seth Forshee <seth.forshee@...onical.com>, Dongsu Park <dongsu@...volk.io> Subject: [PATCH 0/2] turn on force option for FUSE in builtin policies In case of FUSE filesystem, cached integrity results in IMA could be reused, when the userspace FUSE process has changed the underlying files. To be able to avoid such cases, we need to turn on the force option in builtin policies, for actions of measure and appraise. Then integrity values become re-measured and re-appraised. In that way, cached integrity results won't be used. This patchset depends on the patch "ima: define a new policy option named force" by Mimi. [1] For details on testing the force option, please refer to the testing report by Alban. [2] The first patch is for simply moving FUSE_*SUPER_MAGIC macros to include/uapi/linux, to be able to use those in other subsystems like security/integrity/ima. The second patch is actually to turn on the force option for FUSE fs in IMA. [1] https://www.spinics.net/lists/linux-integrity/msg00948.html [2] https://marc.info/?l=linux-integrity&m=151559360514676&w=2 Dongsu Park (2): fs/fuse: move SUPER_MAGIC definitions to linux/magic.h ima: turn on force option for FUSE in builtin policies fs/fuse/control.c | 3 +-- fs/fuse/inode.c | 3 +-- include/uapi/linux/magic.h | 3 +++ security/integrity/ima/ima_policy.c | 2 ++ 4 files changed, 7 insertions(+), 4 deletions(-) -- 2.13.6
Powered by blists - more mailing lists