Re: [PATCH] IMA: policy can be updated zero times

2015-12-23 Thread Mimi Zohar
On Wed, 2015-12-23 at 13:47 +0200, Petko Manolov wrote:
> On 15-12-22 16:50:01, Sasha Levin wrote:
> > On 12/22/2015 04:40 PM, Petko Manolov wrote:
> > >> Thanks, Sasha. By the time ima_update_policy() is called
> > >> >ima_release_policy() has already output the policy update status
> > >>

Re: [Linux-ima-devel] [PATCH] IMA: policy can be updated zero times

2015-12-23 Thread Mimi Zohar
On Wed, 2015-12-23 at 07:24 -0500, Mimi Zohar wrote:
> On Wed, 2015-12-23 at 13:47 +0200, Petko Manolov wrote:
>
> > On 15-12-22 16:50:01, Sasha Levin wrote:
> > > On 12/22/2015 04:40 PM, Petko Manolov wrote:
> > > >> Thanks, Sasha. By the time ima_update_policy() is called
> > > >>

Re: [PATCH] IMA: policy can be updated zero times

2015-12-22 Thread Petko Manolov
On December 22, 2015 9:56:28 PM GMT+02:00, Mimi Zohar wrote:
>On Tue, 2015-12-22 at 08:51 -0500, Sasha Levin wrote:
>> Commit "IMA: policy can now be updated multiple times" assumed that the
>> policy would be updated at least once.
>>
>> If there are zero updates,

Re: [PATCH] IMA: policy can be updated zero times

2015-12-22 Thread Sasha Levin
On 12/22/2015 04:40 PM, Petko Manolov wrote:
>> Thanks, Sasha. By the time ima_update_policy() is called
>> >ima_release_policy() has already output the policy update status
>> >message. I guess an empty policy could be considered a valid policy.
>> >Could you add a msg indicating that the new

[PATCH] IMA: policy can be updated zero times

2015-12-22 Thread Sasha Levin
Commit "IMA: policy can now be updated multiple times" assumed that the policy would be updated at least once. If there are zero updates, the temporary list head object will get added to the policy list, and later dereferenced as an IMA policy object, which means that invalid memory will be