| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 14 May 2019 10:46:06 -0400
From: Mimi Zohar <zohar@...ux.ibm.com>
To: Prakhar Srivastava <prsriva02@...il.com>,
linux-integrity@...r.kernel.org,
inux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Cc: ebiederm@...ssion.com, vgoyal@...hat.com, prsriva@...rosoft.com,
Dave Young <dyoung@...hat.com>
Subject: Re: [PATCH 3/3 v5] call ima_kexec_cmdline from kexec_file_load path
[Cc'ing Dave Young]
On Fri, 2019-05-10 at 15:37 -0700, Prakhar Srivastava wrote:
> From: Prakhar Srivastava <prsriva02@...il.com>
The "From" line above should only appear when the patch author and the
sender differ. You can create the patches under one id and post them
from another id. Something is still wrong.
>
> To measure the cmldine args used in case of soft reboot. Call the
> ima hook defined in [PATCH 1/3 v5]:"add a new ima hook and policy to measure the cmdline"
>
> Signed-off-by: Prakhar Srivastava <prsriva02@...il.com>
> ---
> kernel/kexec_file.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
> index f1d0e00a3971..e779bcf674a0 100644
> --- a/kernel/kexec_file.c
> +++ b/kernel/kexec_file.c
> @@ -241,6 +241,8 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd,
> ret = -EINVAL;
> goto out;
> }
> +
> + ima_kexec_cmdline(image->cmdline_buf, image->cmdline_buf_len - 1);
> }
>
> /* Call arch image load handlers */
Much better!
Mimi
Powered by blists - more mailing lists