lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 15 Dec 2020 07:45:27 -0500
From:   Mimi Zohar <zohar@...ux.ibm.com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     linux-integrity <linux-integrity@...r.kernel.org>,
        linux-kernel <linux-kernel@...r.kernel.org>
Subject: [GIT PULL] integrity subsystem updates for v5.11

Hi Linus,

Included in this pull request are just 3 patches.  Other integrity
changes are being upstreamed via EFI (defines a common EFI secure and
trusted boot IMA policy) and BPF LSM (exporting the IMA file cache hash
info based on inode).

The 3 patches included in this pull request:
- bug fix: fail calculating the file hash, when a file not opened for
read and the attempt to re-open it for read fails.
- defer processing the "ima_appraise" boot command line option to avoid
enabling different modes (e.g. fix, log) to when the secure boot flag
is available on arm.
- defines "ima-buf" as the default IMA buffer measurement template in
preparation for the builtin integrity "critical data" policy.

thanks,

Mimi


The following changes since commit 3cea11cd5e3b00d91caf0b4730194039b45c5891:

  Linux 5.10-rc2 (2020-11-01 14:43:51 -0800)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git tags/integrity-v5.11

for you to fetch changes up to 207cdd565dfc95a0a5185263a567817b7ebf5467:

  ima: Don't modify file descriptor mode on the fly (2020-11-29 07:02:53 -0500)

----------------------------------------------------------------
integrity-v5.11

----------------------------------------------------------------
Ard Biesheuvel (1):
      ima: defer arch_ima_get_secureboot() call to IMA init time

Lakshmi Ramasubramanian (1):
      ima: select ima-buf template for buffer measurement

Roberto Sassu (1):
      ima: Don't modify file descriptor mode on the fly

 include/linux/ima.h                   |  6 ++++++
 security/integrity/ima/ima.h          |  1 +
 security/integrity/ima/ima_appraise.c | 17 +++++++++++------
 security/integrity/ima/ima_crypto.c   | 20 +++++---------------
 security/integrity/ima/ima_main.c     | 25 ++++++++++---------------
 security/integrity/ima/ima_policy.c   |  2 +-
 security/integrity/ima/ima_template.c | 26 ++++++++++++++++++++++++++
 7 files changed, 60 insertions(+), 37 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ