Message-ID: <CAKtyLkEcKAnhdmHb24A2BGGckhjBJANb6XruAmo9L0CBjUMKzA@mail.gmail.com>
Date: Tue, 2 Dec 2025 20:01:24 -0800
From: Fan Wu <wufan@...nel.org>
To: torvalds@...ux-foundation.org
Cc: linux-security-module@...r.kernel.org, 
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, "Borislav Petkov (AMD)" <bp@...en8.de>, 
	Yanzhu Huang <yanzhuhuang@...ux.microsoft.com>
Subject: [GIT PULL] IPE update for 6.19

Hi Linus,

Please merge this PR for the IPE (Integrity Policy Enforcement) update for 6.19.

This PR contains three commits. The primary change is the addition of
support for the AT_EXECVE_CHECK flag. This allows interpreters to
signal the kernel to perform IPE security checks on script files
before execution, extending IPE enforcement to indirectly executed
scripts.

These commits have been tested for several weeks in linux-next without
any issues.

Thanks,
Fan

--

The following changes since commit 7d0a66e4bb9081d75c82ec4957c50034cb0ea449:

  Linux 6.18 (2025-11-30 14:42:10 -0800)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/wufan/ipe.git tags/ipe-pr-20251202

for you to fetch changes up to d7ba853c0e47d57805181f5269ba250270d2adde:

  ipe: Update documentation for script enforcement (2025-12-02 19:37:10 -0800)

----------------------------------------------------------------
ipe/stable-6.19 PR 20251202

----------------------------------------------------------------
Borislav Petkov (AMD) (1):
      ipe: Drop a duplicated CONFIG_ prefix in the ifdeffery

Yanzhu Huang (2):
      ipe: Add AT_EXECVE_CHECK support for script enforcement
      ipe: Update documentation for script enforcement

 Documentation/admin-guide/LSM/ipe.rst | 17 ++++++++++++++---
 security/ipe/audit.c                  |  1 +
 security/ipe/hooks.c                  | 29 ++++++++++++++++++++++++++++-
 security/ipe/hooks.h                  |  3 +++
 security/ipe/ipe.c                    |  1 +
 5 files changed, 47 insertions(+), 4 deletions(-)
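
The interpreter side of the AT_EXECVE_CHECK flow described in the message, as an added example that is not part of the original email or of the IPE tree. The names `script_exec_check` and `enum check_result` are hypothetical; the fallback flag values are assumed to match the kernel's uapi `fcntl.h`.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef AT_EMPTY_PATH
#define AT_EMPTY_PATH 0x1000
#endif
#ifndef AT_EXECVE_CHECK
#define AT_EXECVE_CHECK 0x10000 /* assumed uapi value; older libc headers lack it */
#endif

enum check_result { CHECK_ALLOWED, CHECK_DENIED, CHECK_UNSUPPORTED, CHECK_ERROR };

/*
 * Open the script, then ask the kernel (and its LSMs, IPE included) whether
 * executing that exact file would be permitted. Nothing is executed.
 * On CHECK_ALLOWED, *fd_out is the descriptor the interpreter should read the
 * script from, so the file that was checked is the file that gets parsed.
 */
enum check_result script_exec_check(const char *path, int *fd_out)
{
    char *const argv[] = { (char *)path, NULL };
    char *const envp[] = { NULL };
    int fd = open(path, O_RDONLY | O_CLOEXEC);

    if (fd < 0)
        return CHECK_ERROR;
    if (syscall(SYS_execveat, fd, "", argv, envp,
                AT_EMPTY_PATH | AT_EXECVE_CHECK) == 0) {
        *fd_out = fd;
        return CHECK_ALLOWED;
    }
    int err = errno;
    close(fd);
    if (err == EINVAL || err == ENOSYS) /* kernel does not know the flag */
        return CHECK_UNSUPPORTED;
    return (err == EACCES || err == EPERM) ? CHECK_DENIED : CHECK_ERROR;
}

int main(int argc, char **argv)
{
    static const char *const names[] = { "allowed", "denied", "unsupported", "error" };
    int fd = -1;

    printf("%s\n", names[script_exec_check(argc > 1 ? argv[1] : "/bin/sh", &fd)]);
    return 0;
}
```

An interpreter has to decide for itself how to treat `CHECK_UNSUPPORTED`, since a kernel without the flag performs no check at all.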
