On Thu, Dec 5, 2024 at 11:10 AM Mickaël Salaün <[email protected]> wrote: > > From: Mimi Zohar <[email protected]> > > Like direct file execution (e.g. ./script.sh), indirect file execution > (e.g. sh script.sh) needs to be measured and appraised. Instantiate > the new security_bprm_creds_for_exec() hook to measure and verify the > indirect file's integrity. Unlike direct file execution, indirect file > execution is optionally enforced by the interpreter. > > Differentiate kernel and userspace enforced integrity audit messages. > > Co-developed-by: Roberto Sassu <[email protected]> > Signed-off-by: Roberto Sassu <[email protected]> > Signed-off-by: Mimi Zohar <[email protected]> > Link: https://lore.kernel.org/r/[email protected] > Reviewed-by: Mickaël Salaün <[email protected]> > Signed-off-by: Mickaël Salaün <[email protected]> > Link: https://lore.kernel.org/r/[email protected] > --- > > I added both a Reviewed-by and a Signed-off-by because I may not be the > committer. > > Changes since v21: > * New patch cherry-picked from IMA's patch v3: > > https://lore.kernel.org/r/[email protected] > * Fix a typo in comment: s/execvat/execveat/ . > --- > include/uapi/linux/audit.h | 1 + > security/integrity/ima/ima_appraise.c | 27 +++++++++++++++++++++++-- > security/integrity/ima/ima_main.c | 29 +++++++++++++++++++++++++++ > 3 files changed, 55 insertions(+), 2 deletions(-) > > diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h > index 75e21a135483..826337905466 100644 > --- a/include/uapi/linux/audit.h > +++ b/include/uapi/linux/audit.h > @@ -161,6 +161,7 @@ > #define AUDIT_INTEGRITY_RULE 1805 /* policy rule */ > #define AUDIT_INTEGRITY_EVM_XATTR 1806 /* New EVM-covered xattr */ > #define AUDIT_INTEGRITY_POLICY_RULE 1807 /* IMA policy rules */ > +#define AUDIT_INTEGRITY_DATA_CHECK 1808 /* Userspace enforced data > integrity */
FWIW, in the last discussion I believe Mimi preferred the name AUDIT_INTEGRITY_USERSPACE. https://lore.kernel.org/linux-security-module/[email protected] -- paul-moore.com
