git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Mimi Zohar <zohar@linux.ibm.com>
	Mon, 27 Jan 2025 15:45:48 +0000 (10:45 -0500)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sun, 20 Apr 2025 08:18:11 +0000 (10:18 +0200)
commit	df6a85b562cedceb9b986b9b234e0d537fd150e6
tree	c6c0c325da3b3d33893f7ada360425c671e75193	tree
parent	34e7194cfa84fc8cc9965327181acae959f15ebb	commit \| diff

ima: limit the number of ToMToU integrity violations

commit a414016218ca97140171aa3bb926b02e1f68c2cc upstream.

Each time a file in policy, that is already opened for read, is opened
for write, a Time-of-Measure-Time-of-Use (ToMToU) integrity violation
audit message is emitted and a violation record is added to the IMA
measurement list. This occurs even if a ToMToU violation has already
been recorded.

Limit the number of ToMToU integrity violations per file open for read.

Note: The IMA_MAY_EMIT_TOMTOU atomic flag must be set from the reader
side based on policy. This may result in a per file open for read
ToMToU violation.

Since IMA_MUST_MEASURE is only used for violations, rename the atomic
IMA_MUST_MEASURE flag to IMA_MAY_EMIT_TOMTOU.

Cc: stable@vger.kernel.org # applies cleanly up to linux-6.6
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Tested-by: Petr Vorel <pvorel@suse.cz>
Reviewed-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

security/integrity/ima/ima.h		diff \| blob \| blame \| history
security/integrity/ima/ima_main.c		diff \| blob \| blame \| history