On 4/27/21 1:47 PM, Stefan Berger wrote:
On 4/26/21 8:02 PM, Colin Walters wrote:
On Tue, Apr 20, 2021, at 2:30 PM, Stefan Berger wrote:
+ fd = open(filename, O_RDONLY);
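Review bot: the `open(filename, O_RDONLY)` call has no `O_CLOEXEC`, so the descriptor is inherited by any program the calling process execs while the file is open, which a library cannot rule out when another thread may fork at that moment. Use `open(filename, O_RDONLY | O_CLOEXEC)`.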
Missing O_CLOEXEC.
Will do.
+int imaevm_create_ima_signature(const char *filename, EVP_PKEY *pkey,
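Review bot: `imaevm_create_ima_signature()` takes `const char *filename`, so the library resolves the path itself and a caller cannot hand over a file it has already opened and checked. If the path-based form stays, the function comment should state that the file is opened by name at call time.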
It'd maximize flexibility for the caller to pass a file descriptor,
and not a file name.
We could do this with a callback where the user implements the
callback function and provides buffer, size of buffer, and eof
indicator, and gets called for providing the data to hash. That would
maybe be even more flexible.
Actually, I cannot do this. For this function we have to call
ima_calc_hash, which hashes files, links, directories, etc.
Stefan