Each time a file in policy, that is already opened for read, is opened for write a Time-of-Measure-Time-of-Use (ToMToU) integrity violation audit message is emitted and a violation record is added to the IMA measurement list, even if a ToMToU violation has already been recorded.
Limit the number of ToMToU integrity violations for an existing file open for read. Note: The IMA_MUST_MEASURE atomic flag must be set from the reader side based on policy. This may result in a per open reader additional ToMToU violation. Signed-off-by: Mimi Zohar <[email protected]> --- security/integrity/ima/ima_main.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index cde3ae55d654..f1671799a11b 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -129,9 +129,10 @@ static void ima_rdwr_violation_check(struct file *file, if (atomic_read(&inode->i_readcount) && IS_IMA(inode)) { if (!iint) iint = ima_iint_find(inode); + /* IMA_MEASURE is set from reader side */ - if (iint && test_bit(IMA_MUST_MEASURE, - &iint->atomic_flags)) + if (iint && test_and_clear_bit(IMA_MUST_MEASURE, + &iint->atomic_flags)) send_tomtou = true; } } else { -- 2.48.1
