On Mon, 9 Oct 2017 13:31:55 -0700, Matthew Garrett <mjg59@xxxxxxxxxx> wrote:

> On Mon, Oct 9, 2017 at 1:23 PM, Mikhail Kurinnoi
> <viewizard@xxxxxxxxxxxxx> wrote:
> > But, doesn't this mean we could have this scenario of offline
> > manipulations:
> > 1) store old file with xattrs;
> > 2) wait;
> > 3) replace new file with fixed exploits on old one.
>
> An attacker capable of making offline manipulations is capable of
> modifying the filesystem such that they can give the file the
> appropriate inode number anyway.

Hmmm... you are right.

I like the idea of making portable EVM format support simple. With all these changes, portable EVM format support will not require changes in fs, and will not require immutable EVM format support. Mimi mentioned that someone asked about immutable EVM format support, but we could work on it later.

Matthew, as I understood, you will work on the portable EVM format support patch with some more features you need, right? I have a lot of work now, and could not be of assistance in reworking the previous patches. :-(

--
Best regards,
Mikhail Kurinnoi