Message-Id: <1588167523-7866-1-git-send-email-zohar@linux.ibm.com>
Date:   Wed, 29 Apr 2020 09:38:41 -0400
From:   Mimi Zohar <zohar@...ux.ibm.com>
To:     linux-integrity@...r.kernel.org
Cc:     Mimi Zohar <zohar@...ux.ibm.com>, Mickael Salaun <mic@...ikod.net>,
        Steve Grubb <sgrubb@...hat.com>, Jann Horn <jannh@...gle.com>,
        linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH 0/2] ima: extending IMA policy to support interpreters

On file open, the kernel has no way of differentiating between files
containing data and those with code that will be executed.  Only the
interpreter knows how the file will be used.  To bridge this gap, this
patch set extends the IMA policy language:

- to identify files with the executable mode bit set
- to support the new file open flag MAY_OPENEXEC introduced by Mickael
  Salaun's "[PATCH v3 0/5] Add support for RESOLVE_MAYEXEC" patch set.

Mimi

Mimi Zohar (2):
  ima: add policy support for identifying file execute mode bit
  ima: add policy support for the new file open MAY_OPENEXEC flag

 Documentation/ABI/testing/ima_policy |  7 ++++---
 security/integrity/ima/ima_main.c    |  3 ++-
 security/integrity/ima/ima_policy.c  | 33 +++++++++++++++++++++++++++------
 3 files changed, 33 insertions(+), 10 deletions(-)

-- 
2.7.5
