summaryrefslogtreecommitdiff
path: root/security/integrity/iint.c
diff options
context:
space:
mode:
authorRoberto Sassu <roberto.sassu@polito.it>2014-09-12 19:35:56 +0200
committerMimi Zohar <zohar@linux.vnet.ibm.com>2014-09-18 10:04:12 -0400
commit1b68bdf9cded82d37e443a20c5ed47bbb084d5dc (patch)
treeed09fb584503dce3925af7f0f9d397a8f407d5ea /security/integrity/iint.c
parentf7a859ff7395c0ffe60f9563df5354473e5f9244 (diff)
ima: detect violations for mmaped files
This patch fixes the detection of the 'open_writers' violation for mmaped files. before) an 'open_writers' violation is detected if the policy contains a rule with the criteria: func=FILE_CHECK mask=MAY_READ after) an 'open_writers' violation is detected if the current event matches one of the policy rules. With the old behaviour, the 'open_writers' violation is not detected in the following case: policy: measure func=FILE_MMAP mask=MAY_EXEC steps: 1) open a shared library for writing 2) execute a binary that links that shared library 3) during the binary execution, modify the shared library and save the change result: the 'open_writers' violation measurement is not present in the IMA list. Only binaries executed are protected from writes. For libraries mapped in memory there is the flag MAP_DENYWRITE for this purpose, but according to the output of 'man mmap', the mmap flag is ignored. Since ima_rdwr_violation_check() is now called by process_measurement() the information about if the inode must be measured is already provided by ima_get_action(). Thus the unnecessary function ima_must_measure() has been removed. Changes in v3 (Dmitry Kasatkin): - Violation for MMAP_CHECK function are verified since this patch - Changed patch description a bit Signed-off-by: Roberto Sassu <roberto.sassu@polito.it> Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity/iint.c')
0 files changed, 0 insertions, 0 deletions