linux/security/integrity
Dmitry Kasatkin 72e1eed8ab integrity: prevent loading untrusted certificates on the IMA trusted keyring
If IMA_LOAD_X509 is enabled, either directly or indirectly via
IMA_APPRAISE_SIGNED_INIT, certificates are loaded onto the IMA
trusted keyring by the kernel via key_create_or_update(). When
the KEY_ALLOC_TRUSTED flag is provided, certificates are loaded
without first verifying the certificate is properly signed by a
trusted key on the system keyring.  This patch removes the
KEY_ALLOC_TRUSTED flag.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com>
Cc:  <stable@vger.kernel.org> # 3.19+
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2015-10-09 15:31:18 -04:00
..
evm evm: fix potential race when removing xattrs 2015-05-21 13:28:47 -04:00
ima Minor merge needed, due to function move. 2015-07-01 10:49:25 -07:00
digsig_asymmetric.c integrity: do zero padding of the key id 2014-10-06 17:33:27 +01:00
digsig.c integrity: prevent loading untrusted certificates on the IMA trusted keyring 2015-10-09 15:31:18 -04:00
iint.c integrity: add validity checks for 'path' parameter 2015-05-21 13:59:28 -04:00
integrity_audit.c Merge git://git.infradead.org/users/eparis/audit 2014-04-12 12:38:53 -07:00
integrity.h integrity: add validity checks for 'path' parameter 2015-05-21 13:59:28 -04:00
Kconfig kconfig: use bool instead of boolean for type definition attributes 2015-01-07 13:08:04 +01:00
Makefile integrity: make integrity files as 'integrity' module 2014-09-09 10:28:58 -04:00