The policy flags could be targeted by an attacker aiming at disabling IMA,
so that there would be no trace of a file system modification in the
measurement list.
Since the flags can be altered at runtime, it is not possible to make
them become fully read-only, for example with __ro_after_init.
Hi,
On 20/12/2018 19:30, Thiago Jung Bauermann wrote:
Hello Igor,
Igor Stoppa writes:
diff --git a/security/integrity/ima/ima_init.c
b/security/integrity/ima/ima_init.c
index 59d834219cd6..5f4e13e671bf 100644
--- a/security/integrity/ima/ima_init.c
+++ b/security/integrity/ima/ima_init.c
Hello Igor,
Igor Stoppa writes:
> diff --git a/security/integrity/ima/ima_init.c
> b/security/integrity/ima/ima_init.c
> index 59d834219cd6..5f4e13e671bf 100644
> --- a/security/integrity/ima/ima_init.c
> +++ b/security/integrity/ima/ima_init.c
> @@ -21,6 +21,7 @@
> #include
> #include
>