mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/security
History
Mimi Zohar 0d29174959 ima: detect changes to the backing overlay file 
commit b836c4d29f upstream.

Commit 18b44bc5a6 ("ovl: Always reevaluate the file signature for
IMA") forced signature re-evaulation on every file access.

Instead of always re-evaluating the file's integrity, detect a change
to the backing file, by comparing the cached file metadata with the
backing file's metadata.  Verifying just the i_version has not changed
is insufficient.  In addition save and compare the i_ino and s_dev
as well.

Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Tested-by: Eric Snowberg <eric.snowberg@oracle.com>
Tested-by: Raul E Rangel <rrangel@chromium.org>
Cc: stable@vger.kernel.org
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2023-11-28 17:15:06 +00:00
..
apparmor apparmor: fix invalid reference on profile->disconnected 2023-11-20 11:57:12 +01:00
bpf selinux: remove the runtime disable functionality 2023-03-20 12:34:23 -04:00
integrity ima: detect changes to the backing overlay file 2023-11-28 17:15:06 +00:00
keys KEYS: trusted: Rollback init_trusted() consistently 2023-11-28 17:15:03 +00:00
landlock hostfs: Fix ephemeral inodes 2023-06-12 21:26:19 +02:00
loadpin sysctl-6.4-rc1 2023-04-27 16:52:33 -07:00
lockdown selinux: remove the runtime disable functionality 2023-03-20 12:34:23 -04:00
safesetid SafeSetID: fix UID printed instead of GID 2023-06-20 20:26:00 -04:00
selinux selinux: fix handling of empty opts in selinux_fs_context_submount() 2023-09-23 11:14:36 +02:00
smack smackfs: Prevent underflow in smk_set_cipso() 2023-09-13 09:53:22 +02:00
tomoyo mm/gup: remove vmas parameter from get_user_pages_remote() 2023-06-09 16:25:26 -07:00
yama sysctl-6.4-rc1 2023-04-27 16:52:33 -07:00
Kconfig mm/slab: remove HAVE_HARDENED_USERCOPY_ALLOCATOR 2023-05-24 15:38:17 +02:00
Kconfig.hardening randstruct: disable Clang 15 support 2023-02-08 15:26:58 -08:00
Makefile security: remove unneeded subdir-$(CONFIG_...) 2021-09-03 08:17:20 +09:00
commoncap.c lsm: fix a number of misspellings 2023-05-25 17:52:15 -04:00
device_cgroup.c device_cgroup: Fix kernel-doc warnings in device_cgroup 2023-06-21 09:30:49 -04:00
inode.c
lsm_audit.c lsm: fix a number of misspellings 2023-05-25 17:52:15 -04:00
min_addr.c
security.c vfs, security: Fix automount superblock LSM init problem, preventing NFS sb sharing 2023-09-13 09:52:58 +02:00