Re: [PATCH v2] ima: instantiate the bprm_creds_for_exec() hook

From: Stefan Berger
Date: Thu Dec 05 2024 - 10:49:55 EST

Next message: Max Kellermann: "[PATCH v2] fs/ceph/file: fix memory leaks in __ceph_sync_read()"
Previous message: Lucas Stach: "Re: [PATCH v2] drm/etnaviv: add optional reset support"
In reply to: Mickaël Salaün: "Re: [PATCH v2] ima: instantiate the bprm_creds_for_exec() hook"
Next in thread: Mimi Zohar: "[PATCH v2] ima: instantiate the bprm_creds_for_exec() hook"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 12/3/24 6:34 PM, Mimi Zohar wrote:

Like direct file execution (e.g. ./script.sh), indirect file exection
(e.g. sh script.sh) needs to be measured and appraised. Instantiate
the new security_bprm_creds_for_exec() hook to measure and verify the
indirect file's integrity. Unlike direct file execution, indirect file
execution is optionally enforced by the interpreter.

Differentiate kernel and userspace enforced integrity audit messages.

Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>

Tested-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>

Next message: Max Kellermann: "[PATCH v2] fs/ceph/file: fix memory leaks in __ceph_sync_read()"
Previous message: Lucas Stach: "Re: [PATCH v2] drm/etnaviv: add optional reset support"
In reply to: Mickaël Salaün: "Re: [PATCH v2] ima: instantiate the bprm_creds_for_exec() hook"
Next in thread: Mimi Zohar: "[PATCH v2] ima: instantiate the bprm_creds_for_exec() hook"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]