ima: instantiate the bprm_creds_for_exec() hook
author: Mimi Zohar <zohar@linux.ibm.com>
Thu, 12 Dec 2024 17:42:23 +0000 (18:42 +0100)
committer: Kees Cook <kees@kernel.org>
Thu, 19 Dec 2024 01:00:29 +0000 (17:00 -0800)
commit: 95b3cdafd7cb74414070893445a9b731793f7b55
tree: 0b9a65ed7456098af3d0263f893159a6bf4c11c3
parent: 2a69962be4a7e97ab347e05826480a3352c6fbc8
ima: instantiate the bprm_creds_for_exec() hook

Like direct file execution (e.g. ./script.sh), indirect file execution
(e.g. sh script.sh) needs to be measured and appraised.  Instantiate
the new security_bprm_creds_for_exec() hook to measure and verify the
indirect file's integrity.  Unlike direct file execution, indirect file
execution is optionally enforced by the interpreter.

Differentiate kernel and userspace enforced integrity audit messages.

Co-developed-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Mickaël Salaün <mic@digikod.net>
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Link: https://lore.kernel.org/r/20241212174223.389435-9-mic@digikod.net
Signed-off-by: Kees Cook <kees@kernel.org>
include/uapi/linux/audit.h
security/integrity/ima/ima_appraise.c
security/integrity/ima/ima_main.c