lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 14 Oct 2020 13:19:31 -0400
From:   Mimi Zohar <zohar@...ux.ibm.com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     linux-integrity <linux-integrity@...r.kernel.org>,
        linux-kernel <linux-kernel@...r.kernel.org>
Subject: [GIT PULL] integrity subsystem updates for v5.10

Hi Linus,
  
The changes include continuation of the IMA policy rule cleanup and
validation in particular for measuring keys, adding/removing/updating
informational and error messages (e.g. "ima_appraise" boot command line
option), and other bug fixes (e.g. minimal data size validation before
use, return code and NULL pointer checking).

thanks,

Mimi

The following changes since commit d012a7190fc1fd72ed48911e77ca97ba4521bccd:

  Linux 5.9-rc2 (2020-08-23 14:08:43 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git tags/integrity-v5.10

for you to fetch changes up to aa662fc04f5b290b3979332588bf8d812b189962:

  ima: Fix NULL pointer dereference in ima_file_hash (2020-09-16 17:43:02 -0400)

----------------------------------------------------------------
integrity-v5.10

----------------------------------------------------------------
Alex Dewar (1):
      ima: Use kmemdup rather than kmalloc+memcpy

Bruno Meneguele (4):
      ima: add check for enforced appraise option
      integrity: invalid kernel parameters feedback
      ima: limit secure boot feedback scope for appraise
      integrity: include keyring name for unknown key request

Denis Efremov (1):
      integrity: Use current_uid() in integrity_audit_message()

KP Singh (1):
      ima: Fix NULL pointer dereference in ima_file_hash

Roberto Sassu (3):
      ima: Don't ignore errors from crypto_shash_update()
      ima: Remove semicolon at the end of ima_get_binary_runtime_size()
      evm: Check size of security.evm before using it

Tyler Hicks (2):
      ima: Pre-parse the list of keyrings in a KEY_CHECK rule
      ima: Fail rule parsing when asymmetric key measurement isn't supportable

 security/integrity/digsig_asymmetric.c |  10 ++-
 security/integrity/evm/evm_main.c      |   9 ++
 security/integrity/ima/ima_appraise.c  |  27 ++++--
 security/integrity/ima/ima_crypto.c    |   2 +
 security/integrity/ima/ima_main.c      |  23 ++++-
 security/integrity/ima/ima_policy.c    | 153 ++++++++++++++++++++++-----------
 security/integrity/ima/ima_queue.c     |   2 +-
 security/integrity/integrity_audit.c   |   2 +-
 8 files changed, 161 insertions(+), 67 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ