[RESEND][PATCH] ima: Set and clear FMODE_CAN_READ in ima_calc_file_hash()

Linus Torvalds torvalds at linux-foundation.org
Mon Nov 16 18:09:28 UTC 2020


On Mon, Nov 16, 2020 at 9:41 AM Christoph Hellwig <hch at infradead.org> wrote:
>
> The "issue" with IMA is that it uses security hooks to hook into the
> VFS and then wants to read every file that gets opened on a real file
> system to "measure" the contents vs a hash stashed away somewhere.

Well, but that's easy enough to handle: if the open isn't a read open,
then the old contents don't matter, so you shouldn't bother to measure
the file.

So this literally sounds like a "doctor, doctor, it hurts when I hit
my head with a hammer" situation..

         Linus



More information about the Linux-security-module-archive mailing list