summaryrefslogtreecommitdiff
path: root/security
AgeCommit message (Expand)AuthorFilesLines
2018-09-26evm: Don't deadlock if a crypto algorithm is unavailableMatthew Garrett1-1/+2
2018-09-26Smack: Fix handling of IPv4 traffic received by PF_INET6 socketsPiotr Sawicki1-5/+9
2018-09-19selinux: use GFP_NOWAIT in the AVC kmem_cachesMichal Hocko1-8/+6
2018-08-24Smack: Mark inode instant in smack_task_to_inodeCasey Schaufler1-0/+1
2018-08-03ima: based on policy verify firmware signatures (pre-allocated buffer)Mimi Zohar1-0/+1
2018-06-06selinux: KASAN: slab-out-of-bounds in xattr_getsecuritySachin Grover1-1/+1
2018-06-06Revert "ima: limit file hash setting by user to fix and log modes"Mimi Zohar1-6/+2
2018-05-30ima: Fallback to the builtin hash algorithmPetr Vorel2-0/+15
2018-05-30integrity/security: fix digsig.c build error with header fileRandy Dunlap1-0/+1
2018-04-13selinux: do not check open permission on socketsStephen Smalley1-3/+7
2018-04-08selinux: Remove redundant check for unknown labeling behaviorMatthias Kaehlcke1-16/+0
2018-04-08selinux: Remove unnecessary check of array base in selinux_set_mapping()Matthias Kaehlcke1-1/+1
2018-03-22ima: relax requiring a file signature for new files with zero lengthMimi Zohar1-1/+2
2018-03-22apparmor: Make path_max parameter readonlyJohn Johansen1-1/+1
2018-03-22selinux: check for address length in selinux_socket_bind()Alexander Potapenko1-0/+8
2018-02-25security/keys: BIG_KEY requires CONFIG_CRYPTOArnd Bergmann1-0/+1
2018-02-25selinux: skip bounded transition processing if the policy isn't loadedPaul Moore1-0/+3
2018-02-25selinux: ensure the context is NUL terminated in security_context_to_sid_core()Paul Moore1-10/+8
2018-02-13KEYS: encrypted: fix buffer overread in valid_master_desc()Eric Biggers1-16/+15
2018-01-05KPTI: Rename to PAGE_TABLE_ISOLATIONKees Cook1-1/+1
2018-01-05x86/kaiser: Reenable PARAVIRTBorislav Petkov1-1/+1
2018-01-05kaiser: delete KAISER_REAL_SWITCH optionHugh Dickins1-4/+0
2018-01-05kaiser: KAISER depends on SMPHugh Dickins1-4/+6
2018-01-05kaiser: merged updateDave Hansen1-0/+5
2018-01-05KAISER: Kernel Address IsolationRichard Fellner1-0/+7
2017-12-14KEYS: add missing permission check for request_key() destinationEric Biggers1-9/+37
2017-12-10ima: fix hash algorithm initializationBoshi Wang1-0/+4
2017-11-24ima: do not update security.ima if appraisal status is not INTEGRITY_PASSRoberto Sassu1-0/+3
2017-11-18security/keys: add CONFIG_KEYS_COMPAT to KconfigBilal Amarni1-0/+4
2017-11-15KEYS: trusted: fix writing past end of buffer in trusted_read()Eric Biggers1-11/+12
2017-11-15KEYS: trusted: sanitize all key materialEric Biggers1-28/+22
2017-11-15apparmor: fix undefined reference to `aa_g_hash_policy'John Johansen1-1/+1
2017-11-08KEYS: return full count in keyring_read() if buffer is too smallEric Biggers1-20/+19
2017-10-27KEYS: Fix race between updating and finding a negative keyDavid Howells12-39/+49
2017-10-27KEYS: don't let add_key() update an uninstantiated keyDavid Howells1-0/+10
2017-10-27KEYS: encrypted: fix dereference of NULL user_key_payloadEric Biggers1-0/+7
2017-10-12lsm: fix smack_inode_removexattr and xattr_getsecurity memleakCasey Schaufler1-30/+25
2017-10-05KEYS: prevent KEYCTL_READ on negative keyEric Biggers1-0/+5
2017-10-05KEYS: prevent creating a different user's keyringsEric Biggers4-12/+21
2017-10-05KEYS: fix writing past end of user-supplied buffer in keyring_read()Eric Biggers1-9/+5
2017-10-05security/keys: rewrite all of big_key cryptoJason A. Donenfeld2-71/+59
2017-10-05security/keys: properly zero out sensitive key material in big_keyJason A. Donenfeld1-6/+6
2017-07-12KEYS: Fix an error code in request_master_key()Dan Carpenter1-1/+1
2017-06-14KEYS: encrypted: avoid encrypting/decrypting stack buffersEric Biggers1-8/+9
2017-06-14KEYS: fix freeing uninitialized memory in key_update()Eric Biggers1-3/+2
2017-06-14KEYS: fix dereferencing NULL payload with nonzero lengthEric Biggers1-2/+2
2017-05-25ima: accept previously set IMA_NEW_FILEDaniel Glöckner1-2/+3
2017-04-27KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyringsEric Biggers2-24/+31
2017-04-27KEYS: Change the name of the dead type to ".dead" to prevent user accessDavid Howells1-1/+1
2017-04-27KEYS: Disallow keyrings beginning with '.' to be joined as session keyringsDavid Howells1-2/+7