lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190529133035.28724-1-roberto.sassu@huawei.com>
Date:   Wed, 29 May 2019 15:30:32 +0200
From:   Roberto Sassu <roberto.sassu@...wei.com>
To:     <zohar@...ux.ibm.com>, <dmitry.kasatkin@...wei.com>,
        <mjg59@...gle.com>
CC:     <linux-integrity@...r.kernel.org>,
        <linux-security-module@...r.kernel.org>,
        <linux-doc@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
        <silviu.vlasceanu@...wei.com>,
        Roberto Sassu <roberto.sassu@...wei.com>
Subject: [PATCH v2 0/3] ima/evm fixes for v5.2

Changelog

v1:
- remove patch 2/4 (evm: reset status in evm_inode_post_setattr()); file
  attributes cannot be set if the signature is portable and immutable
- patch 3/4: add __ro_after_init to ima_appraise_req_evm variable
  declaration
- patch 3/4: remove ima_appraise_req_evm kernel option and introduce
  'enforce-evm' and 'log-evm' as possible values for ima_appraise=
- remove patch 4/4 (ima: only audit failed appraisal verifications)
- add new patch (ima: show rules with IMA_INMASK correctly)


Roberto Sassu (3):
  evm: check hash algorithm passed to init_desc()
  ima: don't ignore INTEGRITY_UNKNOWN EVM status
  ima: show rules with IMA_INMASK correctly

 .../admin-guide/kernel-parameters.txt         |  3 ++-
 security/integrity/evm/evm_crypto.c           |  3 +++
 security/integrity/ima/ima_appraise.c         |  8 +++++++
 security/integrity/ima/ima_policy.c           | 21 +++++++++++--------
 4 files changed, 25 insertions(+), 10 deletions(-)

-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ