diff options
author | Mimi Zohar <zohar@us.ibm.com> | 2012-05-15 03:50:11 +0200 |
---|---|---|
committer | James Morris <james.l.morris@oracle.com> | 2012-05-16 02:36:41 +0200 |
commit | fbbb456347b21279a379b42eeb31151c33d8dd49 (patch) | |
tree | d1d5debe01e000fd38f2af8232d342a054b754a4 /security/integrity/ima | |
parent | Merge branch 'for-1205' of http://git.gitorious.org/smack-next/kernel into next (diff) | |
download | linux-fbbb456347b21279a379b42eeb31151c33d8dd49.tar.xz linux-fbbb456347b21279a379b42eeb31151c33d8dd49.zip |
ima: fix filename hint to reflect script interpreter name
When IMA was first upstreamed, the bprm filename and interp were
always the same. Currently, the bprm->filename and bprm->interp
are the same, except for when only bprm->interp contains the
interpreter name. So instead of using the bprm->filename as
the IMA filename hint in the measurement list, we could replace
it with bprm->interp, but this feels too fragil.
The following patch is not much better, but at least there is some
indication that sometimes we're passing the filename and other times
the interpreter name.
Reported-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'security/integrity/ima')
-rw-r--r-- | security/integrity/ima/ima_main.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 1eff5cb001e5..b17be79b9cf2 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -194,7 +194,9 @@ int ima_bprm_check(struct linux_binprm *bprm) { int rc; - rc = process_measurement(bprm->file, bprm->filename, + rc = process_measurement(bprm->file, + (strcmp(bprm->filename, bprm->interp) == 0) ? + bprm->filename : bprm->interp, MAY_EXEC, BPRM_CHECK); return 0; } |