On 12/3/24 6:34 PM, Mimi Zohar wrote:
Like direct file execution (e.g. ./script.sh), indirect file exection (e.g. sh script.sh) needs to be measured and appraised. Instantiate the new security_bprm_creds_for_exec() hook to measure and verify the indirect file's integrity. Unlike direct file execution, indirect file execution is optionally enforced by the interpreter. Differentiate kernel and userspace enforced integrity audit messages. Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx> Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
Tested-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
