iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6e42aec7c75947e0d6b38400628f171364eb8231
linux/security
History
Matthias Kaehlcke 6e42aec7c7 LoadPin: Require file with verity root digests to have a header 
LoadPin expects the file with trusted verity root digests to be
an ASCII file with one digest (hex value) per line. A pinned
root could contain files that meet these format requirements,
even though the hex values don't represent trusted root
digests.

Add a new requirement to the file format which consists in
the first line containing a fixed string. This prevents
attackers from feeding files with an otherwise valid format
to LoadPin.

Suggested-by: Sarthak Kukreti <sarthakkukreti@chromium.org>
Signed-off-by: Matthias Kaehlcke <mka@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220906181725.1.I3f51d1bb0014e5a5951be4ad3c5ad7c7ca1dfc32@changeid
2022-09-07 16:37:27 -07:00
..
apparmor
apparmor: correct config reference to intended one
2022-07-20 13:22:19 -07:00
bpf
bpf: Implement task local storage
2020-11-06 08:08:37 -08:00
integrity
Merge tag 'integrity-v6.0' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity
2022-08-02 15:21:18 -07:00
keys
KEYS: trusted: tpm2: Fix migratable logic
2022-06-08 14:12:13 +03:00
landlock
landlock: Add support for file reparenting with LANDLOCK_ACCESS_FS_REFER
2022-05-23 13:27:59 +02:00
loadpin
LoadPin: Require file with verity root digests to have a header
2022-09-07 16:37:27 -07:00
lockdown
Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
2020-06-02 17:36:24 -07:00
safesetid
LSM: SafeSetID: Add setgroups() security policy handling
2022-07-15 18:24:42 +00:00
selinux
Merge tag 'selinux-pr-20220801' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
2022-08-02 14:51:47 -07:00
smack
smack: Remove the redundant lsm_inode_alloc
2022-08-01 11:26:09 -07:00
tomoyo
LSM: Remove double path_rename hook calls for RENAME_EXCHANGE
2022-05-23 13:27:58 +02:00
yama
task_work: cleanup notification modes
2020-10-17 15:05:30 -06:00
commoncap.c
fs: support mapped mounts of mapped filesystems
2021-12-05 10:28:57 +01:00
device_cgroup.c
bpf: Make BPF_PROG_RUN_ARRAY return -err instead of allow boolean
2022-01-19 12:51:30 -08:00
inode.c
Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-07-19 10:42:02 -07:00
Kconfig
x86/retbleed: Add fine grained Kconfig knobs
2022-06-29 17:43:41 +02:00
Kconfig.hardening
randstruct: Enable Clang support
2022-05-08 01:33:07 -07:00
lsm_audit.c
selinux: log anon inode class name
2022-05-03 16:09:03 -04:00
Makefile
security: remove unneeded subdir-$(CONFIG_...)
2021-09-03 08:17:20 +09:00
min_addr.c
sysctl: pass kernel pointers to ->proc_handler
2020-04-27 02:07:40 -04:00
security.c
Merge tag 'safesetid-6.0' of https://github.com/micah-morton/linux
2022-08-02 15:12:13 -07:00