| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 13 Dec 2018 07:16:52 -0500
From: Mimi Zohar <zohar@...ux.ibm.com>
To: Florian Weimer <fweimer@...hat.com>
Cc: Matthew Wilcox <willy@...radead.org>,
Mickaël Salaün <mic@...ikod.net>,
linux-kernel@...r.kernel.org, Al Viro <viro@...iv.linux.org.uk>,
James Morris <jmorris@...ei.org>,
Jonathan Corbet <corbet@....net>,
Kees Cook <keescook@...omium.org>,
Matthew Garrett <mjg59@...gle.com>,
Michael Kerrisk <mtk.manpages@...il.com>,
Mickaël Salaün <mickael.salaun@....gouv.fr>,
Philippe Trébuchet
<philippe.trebuchet@....gouv.fr>, Shuah Khan <shuah@...nel.org>,
Thibaut Sautereau <thibaut.sautereau@....gouv.fr>,
Vincent Strubel <vincent.strubel@....gouv.fr>,
Yves-Alexis Perez <yves-alexis.perez@....gouv.fr>,
kernel-hardening@...ts.openwall.com, linux-api@...r.kernel.org,
linux-security-module@...r.kernel.org,
linux-fsdevel@...r.kernel.org,
linux-integrity <linux-integrity@...r.kernel.org>
Subject: Re: [RFC PATCH v1 0/5] Add support for O_MAYEXEC
[Cc'ing linux-integrity]
On Thu, 2018-12-13 at 12:26 +0100, Florian Weimer wrote:
> * Mimi Zohar:
>
> > The indication needs to be set during file open, before the open
> > returns to the caller. This is the point where ima_file_check()
> > verifies the file's signature. On failure, access to the file is
> > denied.
>
> Does this verification happen for open with O_PATH?
Interesting! According to the manpage, userspace cannot read/write to
the file. It looks like do_o_path() intentionally skips do_last(),
with the call to ima_file_check(). If the file data isn't being
accessed, does the file's integrity need to be verified?
Mimi
Powered by blists - more mailing lists