Message-ID: <5a2b46ef-71de-03f5-3d4d-ef6834a33971@linux.ibm.com>
Date:   Thu, 26 Jan 2023 17:25:15 -0500
From:   Stefan Berger <stefanb@...ux.ibm.com>
To:     Roberto Sassu <roberto.sassu@...weicloud.com>, zohar@...ux.ibm.com,
        dmitry.kasatkin@...il.com, jmorris@...ei.org, serge@...lyn.com
Cc:     linux-integrity@...r.kernel.org,
        linux-security-module@...r.kernel.org,
        linux-kernel@...r.kernel.org, viro@...iv.linux.org.uk,
        Roberto Sassu <roberto.sassu@...wei.com>
Subject: Re: [PATCH ima-evm-utils] Add tests for MMAP_CHECK and
 MMAP_CHECK_REQPROT hooks



On 1/26/23 11:38, Roberto Sassu wrote:
> From: Roberto Sassu <roberto.sassu@...wei.com>
> 
> Add tests to ensure that, after applying the kernel patch 'ima: Align
> ima_file_mmap() parameters with mmap_file LSM hook', the MMAP_CHECK hook
> checks the protections applied by the kernel and not those requested by the
> application.
> 
> Also ensure that after applying 'ima: Introduce MMAP_CHECK_REQPROT hook',
> the MMAP_CHECK_REQPROT hook checks the protections requested by the
> application.

below LGTM

How do you tell the user that the patches need to be applied for the test to
succeed and not worry about it when the patches are not applied?


> 
> Test both with the test_mmap application that by default requests the
> PROT_READ protection flag. Its syntax is:
> 

> +
> +check_mmap() {
> +	local hook="$1"
> +	local arg="$2"
> +	local test_file
> +	local fowner
> +	local rule
> +	local result
> +	local test_file_entry
> +
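
Review bot: check_mmap() copies its two positional parameters into hook and arg at the top of the function, but nothing in the quoted lines documents what values each accepts or whether arg may be empty. A short comment directly above check_mmap() naming the expected hook values and the meaning of arg would make the call sites easier to check. Note also that `local` is not specified by POSIX sh, so these declarations depend on the script being run by a shell that supports it, such as bash.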

you can write them all in one line: 'local test_file fowner rule result test_file_entry'
