mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/security
History
Mimi Zohar 143f450c6c ima: detect changes to the backing overlay file 
commit b836c4d29f upstream.

Commit 18b44bc5a6 ("ovl: Always reevaluate the file signature for
IMA") forced signature re-evaulation on every file access.

Instead of always re-evaluating the file's integrity, detect a change
to the backing file, by comparing the cached file metadata with the
backing file's metadata.  Verifying just the i_version has not changed
is insufficient.  In addition save and compare the i_ino and s_dev
as well.

Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Tested-by: Eric Snowberg <eric.snowberg@oracle.com>
Tested-by: Raul E Rangel <rrangel@chromium.org>
Cc: stable@vger.kernel.org
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2023-11-28 17:07:12 +00:00
..
apparmor apparmor: fix invalid reference on profile->disconnected 2023-11-20 11:52:09 +01:00
bpf bpf: Implement task local storage 2020-11-06 08:08:37 -08:00
integrity ima: detect changes to the backing overlay file 2023-11-28 17:07:12 +00:00
keys KEYS: trusted: Rollback init_trusted() consistently 2023-11-28 17:07:10 +00:00
landlock landlock: Fix documentation style 2022-09-29 18:43:04 +02:00
loadpin LoadPin: Ignore the "contents" argument of the LSM hooks 2022-12-31 13:33:07 +01:00
lockdown lockdown: ratelimit denial messages 2022-09-14 07:37:50 -04:00
safesetid LSM: SafeSetID: Add setgroups() security policy handling 2022-07-15 18:24:42 +00:00
selinux selinux: fix handling of empty opts in selinux_fs_context_submount() 2023-09-23 11:11:11 +02:00
smack smack: Retrieve transmuting information in smack_inode_getsecurity() 2023-10-06 14:56:59 +02:00
tomoyo tomoyo: fix broken dependency on *.conf.default 2023-02-01 08:34:06 +01:00
yama task_work: cleanup notification modes 2020-10-17 15:05:30 -06:00
Kconfig x86/retbleed: Add fine grained Kconfig knobs 2022-06-29 17:43:41 +02:00
Kconfig.hardening randstruct: disable Clang 15 support 2023-02-25 11:25:43 +01:00
Makefile security: remove unneeded subdir-$(CONFIG_...) 2021-09-03 08:17:20 +09:00
commoncap.c capabilities: fix potential memleak on error path from vfs_getxattr_alloc() 2022-10-28 06:44:33 -04:00
device_cgroup.c device_cgroup: Roll back to original exceptions after copy failure 2023-01-07 11:11:56 +01:00
inode.c
lsm_audit.c lsm: clean up redundant NULL pointer check 2022-08-15 22:44:01 -04:00
min_addr.c
security.c vfs, security: Fix automount superblock LSM init problem, preventing NFS sb sharing 2023-09-13 09:42:28 +02:00