AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-12-21 02:01:05 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
2cd4737bc8
linux_dsm_epyc7002/security/integrity/ima
History
Mimi Zohar 2cd4737bc8 ima: prevent a file already mmap'ed write to be mmap'ed execute 
The kernel calls deny_write_access() to prevent a file already opened
for write from being executed and also prevents files being executed
from being opened for write.  For some reason this does not extend to
files being mmap'ed execute.

From an IMA perspective, measuring/appraising the integrity of a file
being mmap'ed shared execute, without first making sure the file cannot
be modified, makes no sense.  This patch prevents files, in policy,
already mmap'ed shared write, from being mmap'ed execute.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2019-06-04 16:47:30 -04:00
..
ima_api.c Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2018-12-27 12:04:52 -08:00
ima_appraise.c security: mark expected switch fall-throughs and add a missing break 2019-02-22 09:56:09 -08:00
ima_crypto.c crypto: shash - remove shash_desc::flags 2019-04-25 15:38:12 +08:00
ima_fs.c security: audit and remove any unnecessary uses of module.h 2018-12-12 14:58:51 -08:00
ima_init.c tpm: pass an array of tpm_extend_digest structures to tpm_pcr_extend() 2019-02-13 09:48:52 +02:00
ima_kexec.c mm: convert totalram_pages and totalhigh_pages variables to atomic 2018-12-28 12:11:47 -08:00
ima_main.c ima: prevent a file already mmap'ed write to be mmap'ed execute 2019-06-04 16:47:30 -04:00
ima_mok.c KEYS: Use structure to capture key restriction function and data 2017-04-04 14:10:10 -07:00
ima_policy.c ima: show rules with IMA_INMASK correctly 2019-05-29 23:18:25 -04:00
ima_queue.c tpm: pass an array of tpm_extend_digest structures to tpm_pcr_extend() 2019-02-13 09:48:52 +02:00
ima_template_lib.c security: mark expected switch fall-throughs and add a missing break 2019-02-22 09:56:09 -08:00
ima_template_lib.h ima: introduce ima_parse_buf() 2017-06-21 14:37:12 -04:00
ima_template.c security/integrity: constify some read-only data 2018-10-10 12:56:15 -04:00
ima.h Merge branch 'next-tpm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2019-03-10 17:37:29 -07:00
Kconfig x86/ima: define arch_get_ima_policy() for x86 2018-12-11 07:13:41 -05:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00