malhuda/msm-4.14
1
0
Fork 0
mirror of https://github.com/rd-stuffs/msm-4.14.git synced 2025-02-20 11:45:48 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
msm-4.14/security/integrity
History
Dmitry Kasatkin 72e1eed8ab integrity: prevent loading untrusted certificates on the IMA trusted keyring 
If IMA_LOAD_X509 is enabled, either directly or indirectly via
IMA_APPRAISE_SIGNED_INIT, certificates are loaded onto the IMA
trusted keyring by the kernel via key_create_or_update(). When
the KEY_ALLOC_TRUSTED flag is provided, certificates are loaded
without first verifying the certificate is properly signed by a
trusted key on the system keyring.  This patch removes the
KEY_ALLOC_TRUSTED flag.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com>
Cc:  <stable@vger.kernel.org> # 3.19+
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2015-10-09 15:31:18 -04:00
..
evm
evm: fix potential race when removing xattrs
2015-05-21 13:28:47 -04:00
ima
Minor merge needed, due to function move.
2015-07-01 10:49:25 -07:00
digsig_asymmetric.c
integrity: do zero padding of the key id
2014-10-06 17:33:27 +01:00
digsig.c
integrity: prevent loading untrusted certificates on the IMA trusted keyring
2015-10-09 15:31:18 -04:00
iint.c
integrity: add validity checks for 'path' parameter
2015-05-21 13:59:28 -04:00
integrity_audit.c
Merge git://git.infradead.org/users/eparis/audit
2014-04-12 12:38:53 -07:00
integrity.h
integrity: add validity checks for 'path' parameter
2015-05-21 13:59:28 -04:00
Kconfig
kconfig: use bool instead of boolean for type definition attributes
2015-01-07 13:08:04 +01:00
Makefile
integrity: make integrity files as 'integrity' module
2014-09-09 10:28:58 -04:00