[PATCH v2] ima: instantiate the bprm_creds_for_exec() hook
Stefan Berger
stefanb at linux.ibm.com
Thu Dec 5 15:44:23 UTC 2024
On 12/3/24 6:34 PM, Mimi Zohar wrote:
> Like direct file execution (e.g. ./script.sh), indirect file exection
> (e.g. sh script.sh) needs to be measured and appraised. Instantiate
> the new security_bprm_creds_for_exec() hook to measure and verify the
> indirect file's integrity. Unlike direct file execution, indirect file
> execution is optionally enforced by the interpreter.
>
> Differentiate kernel and userspace enforced integrity audit messages.
>
> Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com>
> Signed-off-by: Mimi Zohar <zohar at linux.ibm.com>
Tested-by: Stefan Berger <stefanb at linux.ibm.com>
More information about the Linux-security-module-archive
mailing list