ima: instantiate the bprm_creds_for_exec() hook - kernel/linux.git

diff options

author	Mimi Zohar <zohar@linux.ibm.com>	2024-12-12 20:42:23 +0300
committer	Kees Cook <kees@kernel.org>	2024-12-19 04:00:29 +0300
commit	95b3cdafd7cb74414070893445a9b731793f7b55 (patch)
tree	0b9a65ed7456098af3d0263f893159a6bf4c11c3 /tools/testing/vsock/Makefile
parent	2a69962be4a7e97ab347e05826480a3352c6fbc8 (diff)
download	linux-95b3cdafd7cb74414070893445a9b731793f7b55.tar.xz

ima: instantiate the bprm_creds_for_exec() hook

Like direct file execution (e.g. ./script.sh), indirect file execution (e.g. sh script.sh) needs to be measured and appraised. Instantiate the new security_bprm_creds_for_exec() hook to measure and verify the indirect file's integrity. Unlike direct file execution, indirect file execution is optionally enforced by the interpreter. Differentiate kernel and userspace enforced integrity audit messages. Co-developed-by: Roberto Sassu <roberto.sassu@huawei.com> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Tested-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Mickaël Salaün <mic@digikod.net> Signed-off-by: Mickaël Salaün <mic@digikod.net> Link: https://lore.kernel.org/r/20241212174223.389435-9-mic@digikod.net Signed-off-by: Kees Cook <kees@kernel.org>

Diffstat (limited to 'tools/testing/vsock/Makefile')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: