dummy/linux-stable-mirror
1
0
Fork 1
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ synced 2025-04-19 20:58:31 +09:00
Code Issues Packages Projects Releases Wiki Activity
linux-stable-mirror/security/integrity/ima
History
Mimi Zohar a414016218 ima: limit the number of ToMToU integrity violations 
Each time a file in policy, that is already opened for read, is opened
for write, a Time-of-Measure-Time-of-Use (ToMToU) integrity violation
audit message is emitted and a violation record is added to the IMA
measurement list.  This occurs even if a ToMToU violation has already
been recorded.

Limit the number of ToMToU integrity violations per file open for read.

Note: The IMA_MAY_EMIT_TOMTOU atomic flag must be set from the reader
side based on policy.  This may result in a per file open for read
ToMToU violation.

Since IMA_MUST_MEASURE is only used for violations, rename the atomic
IMA_MUST_MEASURE flag to IMA_MAY_EMIT_TOMTOU.

Cc: stable@vger.kernel.org # applies cleanly up to linux-6.6
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Tested-by: Petr Vorel <pvorel@suse.cz>
Reviewed-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2025-03-27 12:40:12 -04:00
..
ima_api.c
lsm: use lsm_prop in security_current_getsecid
2024-10-11 14:34:14 -04:00
ima_appraise.c
ima: instantiate the bprm_creds_for_exec() hook
2024-12-18 17:00:29 -08:00
ima_asymmetric_keys.c
fs: port xattr to mnt_idmap
2023-01-19 09:24:28 +01:00
ima_crypto.c
ima: add crypto agility support for template-hash algorithm
2024-04-12 09:59:04 -04:00
ima_efi.c
ima: require signed IMA policy when UEFI secure boot is enabled
2023-08-01 08:18:11 -04:00
ima_fs.c
ima: fix wrong zero-assignment during securityfs dentry remove
2024-06-03 16:37:22 -04:00
ima_iint.c
lsm: add the inode_free_security_rcu() LSM implementation hook
2024-08-12 15:35:04 -04:00
ima_init.c
ima: Suspend PCR extends and log appends when rebooting
2024-12-11 11:55:53 -05:00
ima_kexec.c
ima: kexec: silence RCU list traversal warning
2024-12-24 13:56:45 -05:00
ima_main.c
ima: limit the number of ToMToU integrity violations
2025-03-27 12:40:12 -04:00
ima_modsig.c
ima: Add __counted_by for struct modsig and use struct_size()
2023-10-20 10:52:41 -07:00
ima_mok.c
IMA: remove -Wmissing-prototypes warning
2021-07-23 08:05:06 -04:00
ima_policy.c
ima: ignore suffixed policy rule comments
2025-01-03 10:18:43 -05:00
ima_queue_keys.c
fs: port xattr to mnt_idmap
2023-01-19 09:24:28 +01:00
ima_queue.c
ima: Suspend PCR extends and log appends when rebooting
2024-12-11 11:55:53 -05:00
ima_template_lib.c
ima: fix buffer overrun in ima_eventdigest_init_common
2024-10-09 22:49:24 -04:00
ima_template_lib.h
ima: define a new template field named 'd-ngv2' and templates
2022-05-05 11:49:13 -04:00
ima_template.c
ima: Fix misuse of dereference of pointer in template_desc_init_fields()
2022-11-16 11:47:55 -05:00
ima.h
ima: limit the number of ToMToU integrity violations
2025-03-27 12:40:12 -04:00
Kconfig
ima: Move to LSM infrastructure
2024-02-15 23:43:46 -05:00
Makefile
ima: Make it independent from 'integrity' LSM
2024-02-15 23:43:47 -05:00