security · 5b36a75bc06a00ede43bf8d9e921052357384072 · Upstream / linux-stable

evm: prohibit userspace writing 'security.evm' HMAC value

Mimi Zohar authored 11 years ago

commit 2fb1c9a4

 upstream.

Calculating the 'security.evm' HMAC value requires access to the
EVM encrypted key.  Only the kernel should have access to it.  This
patch prevents userspace tools(eg. setfattr, cp --preserve=xattr)
from setting/modifying the 'security.evm' HMAC value directly.
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

bb7f9e5c

Name	Last commit	Last update
..
apparmor	new helper: file_inode(file)	12 years ago
integrity	evm: prohibit userspace writing 'security.evm' HMAC value	11 years ago
keys	aio: don't include aio.h in sched.h	12 years ago
selinux	selinux: correctly label /proc inodes in use before the policy is loaded	11 years ago
smack	Smack: include magic.h in smackfs.c	12 years ago
tomoyo	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs	12 years ago
yama	yama: Better permission check for ptraceme	12 years ago
Kconfig	KEYS: Move the key config into security/keys/Kconfig	13 years ago
Makefile	security: Yama LSM	13 years ago
capability.c	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security	12 years ago
commoncap.c	kill f_vfsmnt	12 years ago
device_cgroup.c	devcg: remove parent_cgroup.	12 years ago
inode.c	securityfs: fix object creation races	13 years ago
lsm_audit.c	LSM: BUILD_BUG_ON if the common_audit_data union ever grows	13 years ago
min_addr.c	mmap_min_addr check CAP_SYS_RAWIO only for write	15 years ago
security.c	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security	12 years ago

GitLab

Menu

Download source code

Download this directory