[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20180915152703.GA9979@thunk.org>
Date: Sat, 15 Sep 2018 11:27:03 -0400
From: "Theodore Y. Ts'o" <tytso@....edu>
To: Eric Biggers <ebiggers@...nel.org>
Cc: Colin Walters <walters@...bum.org>, linux-fsdevel@...r.kernel.org,
linux-ext4@...r.kernel.org, linux-f2fs-devel@...ts.sourceforge.net,
linux-integrity@...r.kernel.org, linux-fscrypt@...r.kernel.org,
linux-kernel@...r.kernel.org,
Mimi Zohar <zohar@...ux.vnet.ibm.com>,
Dmitry Kasatkin <dmitry.kasatkin@...il.com>,
Michael Halcrow <mhalcrow@...gle.com>,
Victor Hsieh <victorhsieh@...gle.com>
Subject: Re: [RFC PATCH 01/10] fs-verity: add setup code, UAPI, and Kconfig
On Fri, Sep 14, 2018 at 09:21:43AM -0700, Eric Biggers wrote:
> >
> > Now AIUI, Zip files have an internal header that contains e.g. the size and
> > indexes into the internal files. So if someone added random data to the end
> > of a zip file, nothing is going to end up actually reading it.
>
> After the verity bit is enabled, the verity metadata is not visible to
> userspace. Yes, that means i_size is adjusted too. Also all contents
> modifications are denied, including appends.
One of this reasons why this is important is that ZIP files *also*
have an central directory at the end. And in the case of the APK
files, there is an in-band signature block which is located at at the
end of the last file and the central directory, which can be located
by starting at the end of the file, finding the length of the central
directory, and then backing up to find the signature block.
- Ted
Powered by blists - more mailing lists