mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/security/integrity
History
Mimi Zohar 904f9c1465 ima: detect changes to the backing overlay file 
[ Upstream commit b836c4d29f ]

Commit 18b44bc5a6 ("ovl: Always reevaluate the file signature for
IMA") forced signature re-evaulation on every file access.

Instead of always re-evaluating the file's integrity, detect a change
to the backing file, by comparing the cached file metadata with the
backing file's metadata.  Verifying just the i_version has not changed
is insufficient.  In addition save and compare the i_ino and s_dev
as well.

Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Tested-by: Eric Snowberg <eric.snowberg@oracle.com>
Tested-by: Raul E Rangel <rrangel@chromium.org>
Cc: stable@vger.kernel.org
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2023-12-08 08:43:26 +01:00
..
evm evm: Complete description of evm_inode_setattr() 2023-08-11 11:45:03 +02:00
ima ima: detect changes to the backing overlay file 2023-12-08 08:43:26 +01:00
Kconfig
Makefile
digsig.c integrity/security: fix digsig.c build error with header file 2018-02-22 20:09:08 -08:00
digsig_asymmetric.c integrity: prevent deadlock during digsig verification. 2018-07-18 07:27:22 -04:00
iint.c ima: annotate iint mutex to avoid lockdep false positive warnings 2023-12-08 08:43:26 +01:00
integrity.h ima: detect changes to the backing overlay file 2023-12-08 08:43:26 +01:00
integrity_audit.c integrity: check the return value of audit_log_start() 2022-02-16 12:51:43 +01:00