linux/security/integrity
Mimi Zohar 2cd4737bc8 ima: prevent a file already mmap'ed write to be mmap'ed execute
The kernel calls deny_write_access() to prevent a file already opened
for write from being executed and also prevents files being executed
from being opened for write.  For some reason this does not extend to
files being mmap'ed execute.

From an IMA perspective, measuring/appraising the integrity of a file
being mmap'ed shared execute, without first making sure the file cannot
be modified, makes no sense.  This patch prevents files, in policy,
already mmap'ed shared write, from being mmap'ed execute.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2019-06-04 16:47:30 -04:00
evm evm: check hash algorithm passed to init_desc() 2019-05-29 23:18:25 -04:00
ima ima: prevent a file already mmap'ed write to be mmap'ed execute 2019-06-04 16:47:30 -04:00
platform_certs s390/ipl: read IPL report at early boot 2019-04-26 12:34:05 +02:00
digsig_asymmetric.c integrity: support EC-RDSA signatures for asymmetric_verify 2019-04-18 22:15:03 +08:00
digsig.c integrity, KEYS: add a reference to platform keyring 2019-02-04 17:29:19 -05:00
iint.c get rid of legacy 'get_ds()' function 2019-03-04 10:50:14 -08:00
integrity_audit.c ima: Use audit_log_format() rather than audit_log_string() 2018-07-18 07:27:22 -04:00
integrity.h integrity: Remove references to module keyring 2018-12-17 14:09:39 -08:00
Kconfig s390/ipl: read IPL report at early boot 2019-04-26 12:34:05 +02:00
Makefile s390/ipl: read IPL report at early boot 2019-04-26 12:34:05 +02:00