Kernel/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-01-06 13:23:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
50f742dd91
linux/security/integrity
History
THOBY Simon 50f742dd91 IMA: block writes of the security.ima xattr with unsupported algorithms 
By default, writes to the extended attributes security.ima will be
allowed even if the hash algorithm used for the xattr is not compiled
in the kernel (which does not make sense because the kernel would not
be able to appraise that file as it lacks support for validating the
hash).

Prevent and audit writes to the security.ima xattr if the hash algorithm
used in the new value is not available in the current kernel.

Signed-off-by: THOBY Simon <Simon.THOBY@viveris.fr>
Reviewed-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2021-08-16 17:30:41 -04:00
..
evm evm: Check xattr size discrepancy between kernel and user 2021-06-21 08:34:21 -04:00
ima IMA: block writes of the security.ima xattr with unsupported algorithms 2021-08-16 17:30:41 -04:00
platform_certs integrity: Load mokx variables into the blacklist keyring 2021-03-11 16:34:48 +00:00
digsig_asymmetric.c ima: Support EC keys for signature verification 2021-03-26 19:41:59 +11:00
digsig.c ima: enable loading of build time generated key on .ima keyring 2021-04-09 10:40:20 -04:00
iint.c evm: Load EVM key in ima_load_x509() to avoid appraisal 2021-05-21 12:47:04 -04:00
integrity_audit.c integrity: Use current_uid() in integrity_audit_message() 2020-08-31 17:46:50 -04:00
integrity.h crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20 14:45:33 +11:00
Kconfig powerpc: Load firmware trusted keys/hashes into kernel keyring 2019-11-13 00:33:23 +11:00
Makefile powerpc: Load firmware trusted keys/hashes into kernel keyring 2019-11-13 00:33:23 +11:00