Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 13 Dec 2018 07:16:52 -0500
From: Mimi Zohar <>
To: Florian Weimer <>
Cc: Matthew Wilcox <>,
        Mickaël Salaün <>,, Al Viro <>,
 Morris <>, Jonathan Corbet <>,
        Kees Cook
 <>, Matthew Garrett <>,
 Kerrisk <>,
        Mickaël Salaün
        Philippe Trébuchet
        Shuah Khan <>,
 Sautereau <>,
        Vincent Strubel
        Yves-Alexis Perez
Subject: Re: [RFC PATCH v1 0/5] Add support for O_MAYEXEC

[Cc'ing linux-integrity]

On Thu, 2018-12-13 at 12:26 +0100, Florian Weimer wrote:
> * Mimi Zohar:
> > The indication needs to be set during file open, before the open
> > returns to the caller.  This is the point where ima_file_check()
> > verifies the file's signature.  On failure, access to the file is
> > denied.
> Does this verification happen for open with O_PATH?

Interesting!  According to the manpage, userspace cannot read/write to
the file.  It looks like do_o_path() intentionally skips do_last(),
with the call to ima_file_check().  If the file data isn't being
accessed, does the file's integrity need to be verified?


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.