Re: [RFC PATCH 2/2] integrity: double check iint_cache was initialized

2021-03-24 Thread Casey Schaufler
On 3/24/2021 4:58 AM, Dmitry Vyukov wrote: > On Wed, Mar 24, 2021 at 12:49 PM Mimi Zohar wrote: >> On Wed, 2021-03-24 at 12:37 +0100, Dmitry Vyukov wrote: >>> On Wed, Mar 24, 2021 at 12:21 PM Tetsuo Handa >>> wrote: On 2021/03/24 20:10, Mimi Zohar wrote: > On Wed, 2021-03-24 at 19:10 +09

Re: [RFC PATCH 2/2] integrity: double check iint_cache was initialized

2021-03-24 Thread Mimi Zohar
On Wed, 2021-03-24 at 12:58 +0100, Dmitry Vyukov wrote: > On Wed, Mar 24, 2021 at 12:49 PM Mimi Zohar wrote: > > > > On Wed, 2021-03-24 at 12:37 +0100, Dmitry Vyukov wrote: > > > On Wed, Mar 24, 2021 at 12:21 PM Tetsuo Handa > > > wrote: > > > > > > > > On 2021/03/24 20:10, Mimi Zohar wrote: > >

Re: [RFC PATCH 2/2] integrity: double check iint_cache was initialized

2021-03-24 Thread Dmitry Vyukov
On Wed, Mar 24, 2021 at 12:49 PM Mimi Zohar wrote: > > On Wed, 2021-03-24 at 12:37 +0100, Dmitry Vyukov wrote: > > On Wed, Mar 24, 2021 at 12:21 PM Tetsuo Handa > > wrote: > > > > > > On 2021/03/24 20:10, Mimi Zohar wrote: > > > > On Wed, 2021-03-24 at 19:10 +0900, Tetsuo Handa wrote: > > > >> On

Re: [RFC PATCH 2/2] integrity: double check iint_cache was initialized

2021-03-24 Thread Mimi Zohar
On Wed, 2021-03-24 at 12:37 +0100, Dmitry Vyukov wrote: > On Wed, Mar 24, 2021 at 12:21 PM Tetsuo Handa > wrote: > > > > On 2021/03/24 20:10, Mimi Zohar wrote: > > > On Wed, 2021-03-24 at 19:10 +0900, Tetsuo Handa wrote: > > >> On 2021/03/24 1:13, Mimi Zohar wrote: > > >>> On Wed, 2021-03-24 at 00

Re: [RFC PATCH 2/2] integrity: double check iint_cache was initialized

2021-03-24 Thread Dmitry Vyukov
On Wed, Mar 24, 2021 at 12:21 PM Tetsuo Handa wrote: > > On 2021/03/24 20:10, Mimi Zohar wrote: > > On Wed, 2021-03-24 at 19:10 +0900, Tetsuo Handa wrote: > >> On 2021/03/24 1:13, Mimi Zohar wrote: > >>> On Wed, 2021-03-24 at 00:14 +0900, Tetsuo Handa wrote: > On 2021/03/23 23:47, Mimi Zohar

Re: [RFC PATCH 2/2] integrity: double check iint_cache was initialized

2021-03-24 Thread Tetsuo Handa
On 2021/03/24 20:10, Mimi Zohar wrote: > On Wed, 2021-03-24 at 19:10 +0900, Tetsuo Handa wrote: >> On 2021/03/24 1:13, Mimi Zohar wrote: >>> On Wed, 2021-03-24 at 00:14 +0900, Tetsuo Handa wrote: On 2021/03/23 23:47, Mimi Zohar wrote: > Initially I also questioned making "integrity" an LSM

Re: [RFC PATCH 2/2] integrity: double check iint_cache was initialized

2021-03-24 Thread Mimi Zohar
On Wed, 2021-03-24 at 19:10 +0900, Tetsuo Handa wrote: > On 2021/03/24 1:13, Mimi Zohar wrote: > > On Wed, 2021-03-24 at 00:14 +0900, Tetsuo Handa wrote: > >> On 2021/03/23 23:47, Mimi Zohar wrote: > >>> Initially I also questioned making "integrity" an LSM. Perhaps it's > >>> time to reconsider.

Re: [RFC PATCH 2/2] integrity: double check iint_cache was initialized

2021-03-24 Thread Tetsuo Handa
On 2021/03/24 1:13, Mimi Zohar wrote: > On Wed, 2021-03-24 at 00:14 +0900, Tetsuo Handa wrote: >> On 2021/03/23 23:47, Mimi Zohar wrote: >>> Initially I also questioned making "integrity" an LSM. Perhaps it's >>> time to reconsider. For now, it makes sense to just fix the NULL >>> pointer derefe

Re: [RFC PATCH 2/2] integrity: double check iint_cache was initialized

2021-03-23 Thread Mimi Zohar
On Wed, 2021-03-24 at 00:14 +0900, Tetsuo Handa wrote: > On 2021/03/23 23:47, Mimi Zohar wrote: > > Initially I also questioned making "integrity" an LSM. Perhaps it's > > time to reconsider. For now, it makes sense to just fix the NULL > > pointer dereferencing. > > Do we think calling panic()

Re: [RFC PATCH 2/2] integrity: double check iint_cache was initialized

2021-03-23 Thread Tetsuo Handa
On 2021/03/23 23:47, Mimi Zohar wrote: > Initially I also questioned making "integrity" an LSM. Perhaps it's > time to reconsider. For now, it makes sense to just fix the NULL > pointer dereferencing. Do we think calling panic() as "fix the NULL pointer dereferencing"?

Re: [RFC PATCH 2/2] integrity: double check iint_cache was initialized

2021-03-23 Thread Mimi Zohar
On Tue, 2021-03-23 at 23:01 +0900, Tetsuo Handa wrote: > On 2021/03/23 22:37, Tetsuo Handa wrote: > > On 2021/03/23 21:09, Mimi Zohar wrote: > >> Please take a look at the newer version of this patch. Do you want to > >> add any tags? > > > > Oh, I didn't know that you already posted the newer v

Re: [RFC PATCH 2/2] integrity: double check iint_cache was initialized

2021-03-23 Thread Tetsuo Handa
On 2021/03/23 22:37, Tetsuo Handa wrote: > On 2021/03/23 21:09, Mimi Zohar wrote: >> Please take a look at the newer version of this patch. Do you want to >> add any tags? > > Oh, I didn't know that you already posted the newer version. > >> diff --git a/security/integrity/iint.c b/security/int

Re: [RFC PATCH 2/2] integrity: double check iint_cache was initialized

2021-03-23 Thread Tetsuo Handa
On 2021/03/23 21:09, Mimi Zohar wrote: > Please take a look at the newer version of this patch. Do you want to > add any tags? Oh, I didn't know that you already posted the newer version. > diff --git a/security/integrity/iint.c b/security/integrity/iint.c > index 1d20003243c3..0ba01847e836 100

Re: [RFC PATCH 2/2] integrity: double check iint_cache was initialized

2021-03-23 Thread Mimi Zohar
On Tue, 2021-03-23 at 10:46 +0900, Tetsuo Handa wrote: > On 2021/03/20 5:03, Mimi Zohar wrote: > > The integrity's "iint_cache" is initialized at security_init(). Only > > after an IMA policy is loaded, which is initialized at late_initcall, > > is a file's integrity status stored in the "iint_cac

Re: [RFC PATCH 2/2] integrity: double check iint_cache was initialized

2021-03-22 Thread Tetsuo Handa
On 2021/03/20 5:03, Mimi Zohar wrote: > The integrity's "iint_cache" is initialized at security_init(). Only > after an IMA policy is loaded, which is initialized at late_initcall, > is a file's integrity status stored in the "iint_cache". > > All integrity_inode_get() callers first verify that t

Re: [PATCH 2/2] integrity: double check iint_cache was initialized

2021-03-22 Thread Mimi Zohar
On Mon, 2021-03-22 at 09:52 -0700, Eric Biggers wrote: > On Mon, Mar 22, 2021 at 11:42:07AM -0400, Mimi Zohar wrote: > > > > Reported-by: Dmitry Vyukov > > Fixes: 79f7865d844c ("LSM: Introduce "lsm=" for boottime LSM selection") > > Signed-off-by: Mimi Zohar > > Missing Cc stable? Yes, I was w

Re: [PATCH 2/2] integrity: double check iint_cache was initialized

2021-03-22 Thread Eric Biggers
On Mon, Mar 22, 2021 at 11:42:07AM -0400, Mimi Zohar wrote: > > Reported-by: Dmitry Vyukov > Fixes: 79f7865d844c ("LSM: Introduce "lsm=" for boottime LSM selection") > Signed-off-by: Mimi Zohar Missing Cc stable? - Eric

[PATCH 2/2] integrity: double check iint_cache was initialized

2021-03-22 Thread Mimi Zohar
The kernel may be built with multiple LSMs, but only a subset may be enabled on the boot command line by specifying "lsm=". Not including "integrity" on the ordered LSM list may result in a NULL deref. As reported by Dmitry Vyukov: in qemu: qemu-system-x86_64 -enable-kvm -machine q35,nv

Re: [RFC PATCH 2/2] integrity: double check iint_cache was initialized

2021-03-22 Thread Dmitry Vyukov
On Mon, Mar 22, 2021 at 8:11 AM Tetsuo Handa wrote: > > On 2021/03/20 5:03, Mimi Zohar wrote: > > The integrity's "iint_cache" is initialized at security_init(). Only > > after an IMA policy is loaded, which is initialized at late_initcall, > > is a file's integrity status stored in the "iint_cac

Re: [RFC PATCH 2/2] integrity: double check iint_cache was initialized

2021-03-22 Thread Tetsuo Handa
On 2021/03/20 5:03, Mimi Zohar wrote: > The integrity's "iint_cache" is initialized at security_init(). Only > after an IMA policy is loaded, which is initialized at late_initcall, > is a file's integrity status stored in the "iint_cache". > > All integrity_inode_get() callers first verify that t

[RFC PATCH 2/2] integrity: double check iint_cache was initialized

2021-03-19 Thread Mimi Zohar
From: Test The integrity's "iint_cache" is initialized at security_init(). Only after an IMA policy is loaded, which is initialized at late_initcall, is a file's integrity status stored in the "iint_cache". All integrity_inode_get() callers first verify that the IMA policy has been loaded, befo