On Sun, Oct 15, 2017 at 7:08 AM, Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote: > Even with this additional patch, there are still potentially missing measurements/appraisals as search_binary_handler is exported. The original search_binary_handler is called twice, once for the original file and again for the interpreter. With these patches, the security hooks are deferred, requiring calls in the specific binary handler. > > For your usecase scenario this might be enough, but for the general case the security_bprm_check hooks would still be needed. Mm. Yeah. Ok let me try tackling this in a different way.
