Hi Roberto, On Wed, 2021-05-05 at 13:33 +0200, Roberto Sassu wrote: > With the patch to allow xattr/attr operations if a portable signature > verification fails, cp and tar can copy all xattrs/attrs so that at the > end of the process verification succeeds. > > However, it might happen that the xattrs/attrs are already set to the > correct value (taken at signing time) and signature verification succeeds > before the copy has completed. For example, an archive might contains files > owned by root and the archive is extracted by root. > > Then, since portable signatures are immutable, all subsequent operations > fail (e.g. fchown()), even if the operation is legitimate (does not alter > the current value). > > This patch avoids this problem by reporting successful operation to user > space when that operation does not alter the current value of xattrs/attrs. I must be missing something. If both the IMA and EVM status flags are reset after xattr or attr modification, do we really need to prevent any metadata - same or different - changes? Both evm_protect_xattr() and evm_inode_setattr() would need to be modified to allow INTEGRITY_PASS_IMMUTABLE. thanks, Mimi
