| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1bd027b4212db6f3630b8344efde4678fcd90088.camel@linux.ibm.com>
Date: Wed, 14 Oct 2020 13:19:31 -0400
From: Mimi Zohar <zohar@...ux.ibm.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: linux-integrity <linux-integrity@...r.kernel.org>,
linux-kernel <linux-kernel@...r.kernel.org>
Subject: [GIT PULL] integrity subsystem updates for v5.10
Hi Linus,
The changes include continuation of the IMA policy rule cleanup and
validation in particular for measuring keys, adding/removing/updating
informational and error messages (e.g. "ima_appraise" boot command line
option), and other bug fixes (e.g. minimal data size validation before
use, return code and NULL pointer checking).
thanks,
Mimi
The following changes since commit d012a7190fc1fd72ed48911e77ca97ba4521bccd:
Linux 5.9-rc2 (2020-08-23 14:08:43 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git tags/integrity-v5.10
for you to fetch changes up to aa662fc04f5b290b3979332588bf8d812b189962:
ima: Fix NULL pointer dereference in ima_file_hash (2020-09-16 17:43:02 -0400)
----------------------------------------------------------------
integrity-v5.10
----------------------------------------------------------------
Alex Dewar (1):
ima: Use kmemdup rather than kmalloc+memcpy
Bruno Meneguele (4):
ima: add check for enforced appraise option
integrity: invalid kernel parameters feedback
ima: limit secure boot feedback scope for appraise
integrity: include keyring name for unknown key request
Denis Efremov (1):
integrity: Use current_uid() in integrity_audit_message()
KP Singh (1):
ima: Fix NULL pointer dereference in ima_file_hash
Roberto Sassu (3):
ima: Don't ignore errors from crypto_shash_update()
ima: Remove semicolon at the end of ima_get_binary_runtime_size()
evm: Check size of security.evm before using it
Tyler Hicks (2):
ima: Pre-parse the list of keyrings in a KEY_CHECK rule
ima: Fail rule parsing when asymmetric key measurement isn't supportable
security/integrity/digsig_asymmetric.c | 10 ++-
security/integrity/evm/evm_main.c | 9 ++
security/integrity/ima/ima_appraise.c | 27 ++++--
security/integrity/ima/ima_crypto.c | 2 +
security/integrity/ima/ima_main.c | 23 ++++-
security/integrity/ima/ima_policy.c | 153 ++++++++++++++++++++++-----------
security/integrity/ima/ima_queue.c | 2 +-
security/integrity/integrity_audit.c | 2 +-
8 files changed, 161 insertions(+), 67 deletions(-)
Powered by blists - more mailing lists