diff for duplicates of <1520632467.3911.49.camel@linux.vnet.ibm.com> diff --git a/a/1.txt b/N1/1.txt index 43a00f6..5f58802 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -17,12 +17,12 @@ kexec kernel image and initramfs, kernel modules (new syscall), ima_policy, EVM x509 certificate, and firmware. If these files are signed, like they should be, then IMA prevents them -from being opened for write. Modifying the file via the filesystem -should not be possible. Other sorts of attacks, would probably be +from being opened for write. ?Modifying the file via the filesystem +should not be possible. ?Other sorts of attacks, would probably be possible. If these files aren't signed, then in terms of IMA-measurement the -file measured, might not be the file used. The ToMToU audit message +file measured, might not be the file used. ?The ToMToU audit message is not being generated for these files. > > I'm going to assume I get this for 4.17 from the security tree. @@ -46,3 +46,8 @@ is not being generated for these files. Please add my reviewed-by. Mimi + +-- +To unsubscribe from this list: send the line "unsubscribe linux-security-module" in +the body of a message to majordomo at vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 6f7b4cd..53f845b 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -1,18 +1,10 @@ "ref\020180309193020.GA5149@beast\0" "ref\0CA+55aFyp4Lvz8QVckBr+zp4OfB1VaFNb2J1s0-xEMA9h44c0UA@mail.gmail.com\0" "ref\0CAGXu5j++Ju0Jg0O3gXPGD7Nzy8uE3NZo_dCF-L0hontG_P+5yw@mail.gmail.com\0" - "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" - "Subject\0Re: [PATCH v2] exec: Set file unwritable before LSM check\0" + "From\0zohar@linux.vnet.ibm.com (Mimi Zohar)\0" + "Subject\0[PATCH v2] exec: Set file unwritable before LSM check\0" "Date\0Fri, 09 Mar 2018 16:54:27 -0500\0" - "To\0Kees Cook <keescook@chromium.org>" - " Linus Torvalds <torvalds@linux-foundation.org>\0" - "Cc\0James Morris <jmorris@namei.org>" - Linux Kernel Mailing List <linux-kernel@vger.kernel.org> - LSM List <linux-security-module@vger.kernel.org> - Serge E. Hallyn <serge@hallyn.com> - linux-integrity <linux-integrity@vger.kernel.org> - Paul Moore <paul@paul-moore.com> - " Stephen Smalley <sds@tycho.nsa.gov>\0" + "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "On Fri, 2018-03-09 at 11:54 -0800, Kees Cook wrote:\n" @@ -34,12 +26,12 @@ "ima_policy, EVM x509 certificate, and firmware.\n" "\n" "If these files are signed, like they should be, then IMA prevents them\n" - "from being opened for write. Modifying the file via the filesystem\n" - "should not be possible. Other sorts of attacks, would probably be\n" + "from being opened for write. ?Modifying the file via the filesystem\n" + "should not be possible. ?Other sorts of attacks, would probably be\n" "possible.\n" "\n" "If these files aren't signed, then in terms of IMA-measurement the\n" - "file measured, might not be the file used. The ToMToU audit message\n" + "file measured, might not be the file used. ?The ToMToU audit message\n" "is not being generated for these files.\n" "\n" "> > I'm going to assume I get this for 4.17 from the security tree.\n" @@ -62,6 +54,11 @@ "\n" "Please add my reviewed-by.\n" "\n" - Mimi + "Mimi\n" + "\n" + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -cd37a986b3a960db998afaf6e31d5d75820a79435c758ca792407cefcc68c999 +45f6dd9b3353e85f172f42a3c45824f8b90b146322e482476769aaa17e1cf65f
diff --git a/a/1.txt b/N2/1.txt index 43a00f6..a90934f 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -17,12 +17,12 @@ kexec kernel image and initramfs, kernel modules (new syscall), ima_policy, EVM x509 certificate, and firmware. If these files are signed, like they should be, then IMA prevents them -from being opened for write. Modifying the file via the filesystem -should not be possible. Other sorts of attacks, would probably be +from being opened for write. Modifying the file via the filesystem +should not be possible. Other sorts of attacks, would probably be possible. If these files aren't signed, then in terms of IMA-measurement the -file measured, might not be the file used. The ToMToU audit message +file measured, might not be the file used. The ToMToU audit message is not being generated for these files. > > I'm going to assume I get this for 4.17 from the security tree. diff --git a/a/content_digest b/N2/content_digest index 6f7b4cd..c8ae692 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -34,12 +34,12 @@ "ima_policy, EVM x509 certificate, and firmware.\n" "\n" "If these files are signed, like they should be, then IMA prevents them\n" - "from being opened for write. Modifying the file via the filesystem\n" - "should not be possible. Other sorts of attacks, would probably be\n" + "from being opened for write. \302\240Modifying the file via the filesystem\n" + "should not be possible. \302\240Other sorts of attacks, would probably be\n" "possible.\n" "\n" "If these files aren't signed, then in terms of IMA-measurement the\n" - "file measured, might not be the file used. The ToMToU audit message\n" + "file measured, might not be the file used. \302\240The ToMToU audit message\n" "is not being generated for these files.\n" "\n" "> > I'm going to assume I get this for 4.17 from the security tree.\n" @@ -64,4 +64,4 @@ "\n" Mimi -cd37a986b3a960db998afaf6e31d5d75820a79435c758ca792407cefcc68c999 +e2df52fa5e2b0a09e5fbefec56116bb292ef4d10527acd392a72fb5c07670d95
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.