linux/security/integrity/ima
Roberto Sassu 709ed96f6e ima: Don't modify file descriptor mode on the fly
commit 207cdd565d upstream.

Commit a408e4a86b ("ima: open a new file instance if no read
permissions") already introduced a second open to measure a file when the
original file descriptor does not allow it. However, it didn't remove the
existing method of changing the mode of the original file descriptor, which
is still necessary if the current process does not have enough privileges
to open a new one.

Changing the mode isn't really an option, as the filesystem might need to
do preliminary steps to make the read possible. Thus, this patch removes
the code and keeps the second open as the only option to measure a file
when it is unreadable with the original file descriptor.

Cc: <stable@vger.kernel.org> # 4.20.x: 0014cc04e8 ima: Set file->f_mode
Fixes: 2fe5d6def1 ("ima: integrity appraisal extension")
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-12-30 11:26:12 +01:00
ima_api.c audit: use inline function to get audit context 2018-05-14 17:24:18 -04:00
ima_appraise.c IMA: don't propagate opened through the entire thing 2018-07-12 10:04:19 -04:00
ima_crypto.c ima: Don't modify file descriptor mode on the fly 2020-12-30 11:26:12 +01:00
ima_fs.c ima: Fix return value of ima_write_policy() 2020-05-27 17:37:29 +02:00
ima_init.c ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init() 2020-06-22 09:05:26 +02:00
ima_kexec.c ima: Unify logging 2018-05-17 07:49:12 -04:00
ima_main.c Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2018-08-15 10:25:26 -07:00
ima_mok.c KEYS: Use structure to capture key restriction function and data 2017-04-04 14:10:10 -07:00
ima_policy.c ima: Directly assign the ima_default_policy pointer to ima_rules 2020-06-22 09:05:21 +02:00
ima_queue.c ima: Get rid of ima_used_chip and use ima_tpm_chip != NULL instead 2018-07-28 17:03:11 +03:00
ima_template_lib.c ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init() 2020-06-22 09:05:26 +02:00
ima_template_lib.h ima: introduce ima_parse_buf() 2017-06-21 14:37:12 -04:00
ima_template.c ima: Fix line continuation format 2017-12-18 09:43:47 -05:00
ima.h ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init() 2020-06-22 09:05:26 +02:00
Kconfig ima: Do not audit if CONFIG_INTEGRITY_AUDIT is not set 2018-07-18 07:27:22 -04:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00