On Fri, Oct 27, 2017 at 4:08 PM, Peter P. <p.pan48711@xxxxxxxxx> wrote:
> Hi,
>
> I would like to better understand how the inclusion of the inode
> number and the other return values from stat add to the protection of
> the xattrs when security.evm contains a digital signature.
>
> If any of the security xattrs are tampered with, then I would expect
> EVM signature verification will fail. What added protections does one
> gain by including file information?

There's no real security advantage as long as IMA is in use. However, EVM
can be used without IMA, and in that case you'd end up with signatures
that could be moved between files. See the discussion of the portable
signature format going on at the moment.
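The point made in the reply, as an added worked example that is not part of the thread and not the kernel's own code: a deliberately simplified model in which "security.evm" is an HMAC over the protected security.* xattrs, computed either with or without the inode metadata (inode number, generation, uid, gid, mode) that real EVM mixes in. The key, file contents, inode numbers and SELinux labels are constructed values; the byte layout is an assumption for illustration only, not EVM's actual format. Copying one file's labels onto another passes EVM verification when the metadata is left out and fails when it is bound in; either way, a hash-only IMA check on the content still fails, which is why the binding adds nothing while IMA is in use.

```python
import hashlib
import hmac
from typing import Dict, Optional, Tuple

# Constructed model of EVM/IMA labelling (simplified; not the kernel's actual
# byte layout). EVM here is an HMAC over the security.* xattrs, optionally
# bound to the inode metadata that real EVM also covers.
HMAC_KEY = b"constructed-evm-key"  # stands in for the kernel-held EVM key
META_FIELDS = ("ino", "generation", "uid", "gid", "mode")


def ima_hash(content: bytes) -> bytes:
    """security.ima value: a hash of the file content (hash-only IMA label)."""
    return hashlib.sha256(content).digest()


def evm_hmac(xattrs: Dict[str, bytes], meta: Optional[dict]) -> bytes:
    """HMAC over the protected xattrs; inode metadata is mixed in only when given."""
    mac = hmac.new(HMAC_KEY, digestmod=hashlib.sha256)
    for name in sorted(xattrs):
        mac.update(name.encode() + b"\0" + xattrs[name] + b"\0")
    if meta is not None:
        for field in META_FIELDS:
            mac.update(f"{field}={meta[field]}\0".encode())
    return mac.digest()


def label_file(content: bytes, meta: dict, selinux: bytes, bind_meta: bool) -> dict:
    """Return an in-memory 'file' carrying its xattrs and its security.evm value."""
    xattrs = {"security.ima": ima_hash(content), "security.selinux": selinux}
    return {
        "content": content,
        "meta": meta,
        "xattrs": xattrs,
        "security.evm": evm_hmac(xattrs, meta if bind_meta else None),
    }


def evm_verify(f: dict, bind_meta: bool) -> bool:
    """Recompute security.evm from the file's current xattrs (and metadata) and compare."""
    expected = evm_hmac(f["xattrs"], f["meta"] if bind_meta else None)
    return hmac.compare_digest(f["security.evm"], expected)


def ima_verify(f: dict) -> bool:
    """Check that security.ima still matches the file's actual content."""
    return hmac.compare_digest(f["xattrs"]["security.ima"], ima_hash(f["content"]))


def copy_labels(src: dict, dst: dict) -> dict:
    """Model of every security.* xattr of src being copied onto dst."""
    moved = dict(dst)
    moved["xattrs"] = dict(src["xattrs"])
    moved["security.evm"] = src["security.evm"]
    return moved


def _sample_files(bind_meta: bool) -> Tuple[dict, dict]:
    # Constructed sample files with different content, owner, mode and inode.
    good = label_file(b"#!/bin/sh\necho trusted\n",
                      {"ino": 4711, "generation": 1, "uid": 0, "gid": 0, "mode": 0o100755},
                      b"system_u:object_r:bin_t:s0", bind_meta)
    other = label_file(b"#!/bin/sh\necho something else\n",
                       {"ino": 9001, "generation": 1, "uid": 1000, "gid": 1000, "mode": 0o100644},
                       b"unconfined_u:object_r:user_home_t:s0", bind_meta)
    return good, other


def genuine(bind_meta: bool) -> Tuple[bool, bool]:
    """(evm_ok, ima_ok) for an untouched, correctly labelled file."""
    good, _ = _sample_files(bind_meta)
    return evm_verify(good, bind_meta), ima_verify(good)


def relabelled(bind_meta: bool) -> Tuple[bool, bool]:
    """(evm_ok, ima_ok) for a file that received another file's labels."""
    good, other = _sample_files(bind_meta)
    moved = copy_labels(good, other)
    return evm_verify(moved, bind_meta), ima_verify(moved)


if __name__ == "__main__":
    for bind in (False, True):
        print(f"metadata bound={bind}: genuine={genuine(bind)} relabelled={relabelled(bind)}")
```

Running it shows the two cases side by side: without metadata binding the moved labels pass EVM but fail IMA; with it they fail both. The real kernel uses its own digest layout and, in the portable signature format under discussion, deliberately leaves out the inode-specific fields so that a labelled file can be shipped between systems.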