AcoSail/kernel_optimize_test
8
0
Fork 0
forked from luck/tmp_suning_uos_patched
Code Pull Requests Activity
0f2206e3d9
kernel_optimize_test/security/integrity
History
Roberto Sassu 0f2206e3d9 ima: Don't modify file descriptor mode on the fly 
commit 207cdd565dfc95a0a5185263a567817b7ebf5467 upstream.

Commit a408e4a86b ("ima: open a new file instance if no read
permissions") already introduced a second open to measure a file when the
original file descriptor does not allow it. However, it didn't remove the
existing method of changing the mode of the original file descriptor, which
is still necessary if the current process does not have enough privileges
to open a new one.

Changing the mode isn't really an option, as the filesystem might need to
do preliminary steps to make the read possible. Thus, this patch removes
the code and keeps the second open as the only option to measure a file
when it is unreadable with the original file descriptor.

Cc: <stable@vger.kernel.org> # 4.20.x: 0014cc04e8 ima: Set file->f_mode
Fixes: 2fe5d6def1 ("ima: integrity appraisal extension")
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-12-30 11:54:17 +01:00
..
evm evm: Check size of security.evm before using it 2020-09-15 13:47:42 -04:00
ima ima: Don't modify file descriptor mode on the fly 2020-12-30 11:54:17 +01:00
platform_certs integrity: Load certs from the EFI MOK config table 2020-09-16 18:53:42 +03:00
digsig_asymmetric.c integrity-v5.10 2020-10-15 15:58:18 -07:00
digsig.c fs/kernel_file_read: Add "offset" arg for partial reads 2020-10-05 13:37:04 +02:00
iint.c integrity/ima: switch to using __kernel_read 2020-07-08 08:27:57 +02:00
integrity_audit.c integrity: Use current_uid() in integrity_audit_message() 2020-08-31 17:46:50 -04:00
integrity.h integrity: Add errno field in audit message 2020-07-16 21:48:11 -04:00
Kconfig
Makefile