korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-11 21:38:32 +08:00
Code Issues Packages Projects Releases Wiki Activity
72e1eed8ab
linux/security
History
Dmitry Kasatkin 72e1eed8ab integrity: prevent loading untrusted certificates on the IMA trusted keyring 
If IMA_LOAD_X509 is enabled, either directly or indirectly via
IMA_APPRAISE_SIGNED_INIT, certificates are loaded onto the IMA
trusted keyring by the kernel via key_create_or_update(). When
the KEY_ALLOC_TRUSTED flag is provided, certificates are loaded
without first verifying the certificate is properly signed by a
trusted key on the system keyring.  This patch removes the
KEY_ALLOC_TRUSTED flag.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com>
Cc:  <stable@vger.kernel.org> # 3.19+
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2015-10-09 15:31:18 -04:00
..
apparmor Minor merge needed, due to function move. 2015-07-01 10:49:25 -07:00
integrity integrity: prevent loading untrusted certificates on the IMA trusted keyring 2015-10-09 15:31:18 -04:00
keys KEYS: Fix race between key destruction and finding a keyring by name 2015-09-25 16:30:08 +01:00
selinux mm: mark most vm_operations_struct const 2015-09-10 13:29:01 -07:00
smack Smack - Fix build error with bringup unconfigured 2015-08-12 18:10:01 -07:00
tomoyo LSM: Switch to lists of hooks 2015-05-12 15:00:41 +10:00
yama Adding YAMA hooks also when YAMA is not stacked. 2015-08-04 01:36:18 +10:00
commoncap.c capabilities: add a securebit to disable PR_CAP_AMBIENT_RAISE 2015-09-04 16:54:41 -07:00
device_cgroup.c security/device_cgroup: Fix RCU_LOCKDEP_WARN() condition 2015-09-03 18:13:10 -07:00
inode.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-07-04 19:36:06 -07:00
Kconfig Yama: remove needless CONFIG_SECURITY_YAMA_STACKED 2015-07-28 13:18:19 +10:00
lsm_audit.c Merge branch 'next' of git://git.infradead.org/users/pcmoore/selinux into next 2015-08-15 13:29:57 +10:00
Makefile LSM: Switch to lists of hooks 2015-05-12 15:00:41 +10:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2015-09-08 12:41:25 -07:00