ima: fix filename hint to reflect script interpreter name
author Mimi Zohar <zohar@us.ibm.com>
Tue, 15 May 2012 01:50:11 +0000 (21:50 -0400)
committer James Morris <james.l.morris@oracle.com>
Wed, 16 May 2012 00:36:41 +0000 (10:36 +1000)
When IMA was first upstreamed, the bprm filename and interp were
always the same.  Currently, the bprm->filename and bprm->interp
are the same, except for when only bprm->interp contains the
interpreter name.  So instead of using the bprm->filename as
the IMA filename hint in the measurement list, we could replace
it with bprm->interp, but this feels too fragile.

The following patch is not much better, but at least there is some
indication that sometimes we're passing the filename and other times
the interpreter name.

Reported-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
security/integrity/ima/ima_main.c

index 1eff5cb001e53b511d7d9ec96adc320af73a6a66..b17be79b9cf24b8f2319ea2d54875b0a048dcfdf 100644 (file)
@@ -194,7 +194,9 @@ int ima_bprm_check(struct linux_binprm *bprm)
 {
        int rc;
 
-       rc = process_measurement(bprm->file, bprm->filename,
+       rc = process_measurement(bprm->file,
+                                (strcmp(bprm->filename, bprm->interp) == 0) ?
+                                bprm->filename : bprm->interp,
                                 MAY_EXEC, BPRM_CHECK);
        return 0;
 }
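
Review bot: the conditional passed as the second argument of process_measurement() always yields a string with the same contents as bprm->interp. When strcmp() returns 0 the two strings are equal, and in every other case bprm->interp is selected, so the call behaves as if bprm->interp were passed directly. If the ternary is kept to signal intent, add a short comment above the call stating when filename and interp differ (the script interpreter case), because the expression alone does not convey that. Separately, rc is assigned from process_measurement() but the function still ends with return 0, so the result is discarded; either drop rc or add a comment saying the return value is ignored on purpose.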