On Thu, Oct 19, 2017 at 8:08 PM, Matthew Garrett <mjg59@xxxxxxxxxx> wrote:
> On Thu, Oct 19, 2017 at 3:14 AM, Dmitry Kasatkin
> <dmitry.kasatkin@xxxxxxxxx> wrote:
>> But how security.ima will protect against cut and paste attack?
>> Attacker can take any other file together with metadata and it will be
>> valid one.
>
> Unless the hashing algorithm is broken, the two files will need to be
> identical in order for security.ima to match. And if the two files are
> identical then an attacker can simply delete one and create a hardlink
> to the other, which will have the same inode.

I actually meant a different thing.
For a moment I thought about placing a file from another location.
But that is a directory protection issue.

While working on patches I was disputing with Mimi about the usefulness
of ino in there.

--
Thanks,
Dmitry