linux/security/integrity
Mimi Zohar 5ff849948c ima: detect changes to the backing overlay file
commit b836c4d29f upstream.

Commit 18b44bc5a6 ("ovl: Always reevaluate the file signature for
IMA") forced signature re-evaulation on every file access.

Instead of always re-evaluating the file's integrity, detect a change
to the backing file, by comparing the cached file metadata with the
backing file's metadata.  Verifying just the i_version has not changed
is insufficient.  In addition save and compare the i_ino and s_dev
as well.

Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Tested-by: Eric Snowberg <eric.snowberg@oracle.com>
Tested-by: Raul E Rangel <rrangel@chromium.org>
Cc: stable@vger.kernel.org
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-11-28 16:56:29 +00:00
..
evm evm: Fix build warnings 2023-07-23 13:46:48 +02:00
ima ima: detect changes to the backing overlay file 2023-11-28 16:56:29 +00:00
platform_certs efi: Add iMac Pro 2017 to uefi skip cert quirk 2023-01-12 11:58:56 +01:00
digsig_asymmetric.c ima: fix reference leak in asymmetric_verify() 2022-02-16 12:56:03 +01:00
digsig.c integrity: Fix memory leakage in keyring allocation error path 2022-12-31 13:14:10 +01:00
iint.c ima: annotate iint mutex to avoid lockdep false positive warnings 2023-11-28 16:56:29 +00:00
integrity_audit.c integrity: check the return value of audit_log_start() 2022-02-16 12:56:03 +01:00
integrity.h ima: detect changes to the backing overlay file 2023-11-28 16:56:29 +00:00
Kconfig powerpc: Load firmware trusted keys/hashes into kernel keyring 2019-11-13 00:33:23 +11:00
Makefile powerpc: Load firmware trusted keys/hashes into kernel keyring 2019-11-13 00:33:23 +11:00