Re: [PATCH] exec: Set file unwritable before LSM check

2018-03-09 Thread Linus Torvalds
On Fri, Mar 9, 2018 at 11:07 AM, Kees Cook wrote:
> The LSM check should happen after the file has been confirmed to be
> unchanging. Without this, we could have a ToCToU issue between the
> LSM verification and the actual contents of the file later.

Can we please not add random crazy six-letter

[PATCH] exec: Set file unwritable before LSM check

2018-03-09 Thread Kees Cook
The LSM check should happen after the file has been confirmed to be
unchanging. Without this, we could have a ToCToU issue between the LSM
verification and the actual contents of the file later.

Signed-off-by: Kees Cook
---
Only loadpin and SELinux implement this hook. From what I can see, this
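The ordering argument in the commit message (make the file unchangeable first, verify second) can be shown outside the kernel. The program below is an added userland analog, not code from the patch, the thread or the kernel tree: the kernel's "unwritable" step is exec's write-deny on the file, which is stood in for here by copying the bytes into a memfd and sealing it with F_SEAL_WRITE; the "LSM check" is stood in for by a content hash compared against an expected value. It assumes Linux with memfd_create and file seals (glibc 2.27 or later) and a writable /tmp. The sample "binary", the racing writer (overwrite_file) and the function names are constructed for the example. check_then_freeze does the check before the freeze and hands back bytes the check never saw; freeze_then_check does it in the order the patch argues for and either returns the verified bytes or rejects.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef void (*race_fn)(void *ctx);              /* models a writer racing us */
struct tamper { const char *path; const char *payload; };

/* Stand-in for the policy check (LSM/IMA-style): FNV-1a over the bytes read. */
#define FNV_BASIS 1469598103934665603ULL
static uint64_t fnv1a(uint64_t h, const void *p, size_t n)
{ for (const unsigned char *b = p; n--; b++) h = (h ^ *b) * 1099511628211ULL; return h; }
static int checksum_fd(int fd, uint64_t *out)
{
    char buf[4096]; ssize_t n; off_t off = 0; uint64_t h = FNV_BASIS;
    while ((n = pread(fd, buf, sizeof buf, off)) > 0) { h = fnv1a(h, buf, (size_t)n); off += n; }
    if (n < 0) return -1;
    *out = h; return 0;
}

/* "Set file unwritable": copy the bytes into a memfd and seal it. From here on
 * nobody, us included, can change what the returned fd refers to. */
static int freeze_copy(const char *path)
{
    int in = open(path, O_RDONLY | O_CLOEXEC);
    if (in < 0) return -1;
    int mfd = memfd_create("staged", MFD_CLOEXEC | MFD_ALLOW_SEALING);
    if (mfd < 0) { close(in); return -1; }
    char buf[4096]; ssize_t n;
    while ((n = read(in, buf, sizeof buf)) > 0)
        if (write(mfd, buf, (size_t)n) != n) { n = -1; break; }
    close(in);
    int seals = F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL;
    if (n < 0 || fcntl(mfd, F_ADD_SEALS, seals) < 0) { close(mfd); return -1; }
    return mfd;
}

/* Wrong order (what the patch fixes): check the path, then freeze. Whatever
 * `race` writes in between is what gets used, unchecked. */
int check_then_freeze(const char *path, uint64_t expected, race_fn race, void *ctx)
{
    uint64_t h; int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    int rc = checksum_fd(fd, &h); close(fd);
    if (rc < 0 || h != expected) { errno = EACCES; return -1; }
    race(ctx);                                   /* the ToCToU window */
    return freeze_copy(path);
}

/* Right order: freeze first, then check the frozen bytes. `race` can still
 * rewrite the path, but not the sealed copy that is checked and then used. */
int freeze_then_check(const char *path, uint64_t expected, race_fn race, void *ctx)
{
    uint64_t h; int mfd = freeze_copy(path);
    if (mfd < 0) return -1;
    race(ctx);
    if (checksum_fd(mfd, &h) < 0 || h != expected) { close(mfd); errno = EACCES; return -1; }
    return mfd;
}

/* errno from trying to modify a frozen copy: EPERM once F_SEAL_WRITE is set. */
int try_write(int mfd) { return pwrite(mfd, "X", 1, 0) < 0 ? errno : 0; }
static void overwrite_file(void *ctx)             /* the racing writer (constructed) */
{
    struct tamper *t = ctx;
    int fd = open(t->path, O_WRONLY | O_TRUNC | O_CLOEXEC);
    if (fd >= 0) { ssize_t w = write(fd, t->payload, strlen(t->payload)); (void)w; close(fd); }
}

/* Bitmask: 1 = wrong order handed back bytes the check never saw, 2 = right order
 * handed back exactly the verified bytes, 4 = frozen copy rejects writes (EPERM).
 * Returns -1 if the scratch file in /tmp could not be created. */
int run_demo(void)
{
    const char *good = "#!/bin/sh\necho trusted\n";          /* constructed sample */
    char path[] = "/tmp/toctou-demo-XXXXXX";
    struct tamper evil = { path, "#!/bin/sh\necho pwned\n" }, reset = { path, good };
    int fd = mkstemp(path), result = 0; uint64_t h;
    if (fd < 0) return -1;
    close(fd); overwrite_file(&reset);
    uint64_t expected = fnv1a(FNV_BASIS, good, strlen(good));
    int bad = check_then_freeze(path, expected, overwrite_file, &evil);
    if (bad >= 0) { if (checksum_fd(bad, &h) == 0 && h != expected) result |= 1; close(bad); }
    overwrite_file(&reset);
    int ok = freeze_then_check(path, expected, overwrite_file, &evil);
    if (ok >= 0) { if (checksum_fd(ok, &h) == 0 && h == expected) result |= 2;
                   if (try_write(ok) == EPERM) result |= 4; close(ok); }
    unlink(path);
    return result;
}
int main(void)
{ int r = run_demo(); printf("result bitmask: %d\n", r); return r == 7 ? 0 : 1; }
```

Build with `cc -o toctou-demo toctou-demo.c` and run; a bitmask of 7 means the wrong order was fooled by the racing writer, the right order was not, and the sealed copy refused modification. The same racing writer runs in both cases; only the order of the freeze and the check differs, which is the whole point of the patch.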