Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp2063879imm; Sat, 15 Sep 2018 08:28:06 -0700 (PDT) X-Google-Smtp-Source: ANB0VdYD3UMAz/MJb1pzjplA6qmaNtfBpjG2l60pJHEj/T0PH7A0GWo3BDR1DMERnSMEOpUnbRCx X-Received: by 2002:a63:ed4f:: with SMTP id m15-v6mr13969202pgk.147.1537025286490; Sat, 15 Sep 2018 08:28:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1537025286; cv=none; d=google.com; s=arc-20160816; b=df/aW/5QYk86l7T1TOApYIOcvqnlI4B1st1B9HvcdQTaoDX+8UL+jI/B3a0O44G904 3Df9ZgxrA7pI30i5XlLp8Xghvc9d6KX9Lt5iN9cwvI54jZ6Vx8s2+vmd6dgb3fTdVStY wWKOursTcWfhTT5LvAYHut4NFimShA32P3xmAY9lMDN/tBRidhCLIhHZpGmZk8M3Amqm UzRfXNaJWw4nQIuV0fjgcReeGVjyviQcSwoPE+pBzu4EwiJoRdCMBGHznziks86uh02X csuFe1GdVViLqcNyDxd+HOexsIoebqPfX0YwP8K7ERSC10Tulav9TY0dXjdge9z96Rbw ysEQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:mail-followup-to :message-id:subject:cc:to:from:date:dkim-signature; bh=ouJYJf9Ynv4x3YlG46BxmqHRpVy2LHKS5G8T2JjaGbs=; b=Eq8Cj1iGQ7Lre0UT221623lSyWTMN1cQlxxutXk6s+x9aOMt55wBOqqLsy9nCA47Qf gmFvTBEnA35OhofuPzpawDRamJ74JHiVvVd9QszlkbmKXKGa4c+ruhOiOleIkFea9wUK 9vPvPyJmjYkZuaZDTQDUAVUdXD8WdGCKzHeRVI+COkH6xMtZjYT3CaJCNw4dcjges5U/ FmJnU/lCzIFAqxnGB6hkZAPTy/yiBSfd6qKDQLgYrb0ax/UoPbOtGlxiSaL8krhqAadZ 24BFHA5AMBJxl5nl9kkcH2KJ1yjB3jUbXlCr2Z0Ql32AK8gzgQlobC6j0g5afAmYVevH AnrA== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@thunk.org header.s=ef5046eb header.b="Eqo/AO3H"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n2-v6si10762745pgu.103.2018.09.15.08.27.17; Sat, 15 Sep 2018 08:28:06 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@thunk.org header.s=ef5046eb header.b="Eqo/AO3H"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727803AbeIOUqc (ORCPT + 99 others); Sat, 15 Sep 2018 16:46:32 -0400 Received: from imap.thunk.org ([74.207.234.97]:36346 "EHLO imap.thunk.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727065AbeIOUqc (ORCPT ); Sat, 15 Sep 2018 16:46:32 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=thunk.org; s=ef5046eb; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID: Subject:Cc:To:From:Date:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=ouJYJf9Ynv4x3YlG46BxmqHRpVy2LHKS5G8T2JjaGbs=; b=Eqo/AO3HwYU0Ii+Ov5yeXZH7w2 5eyadTQK934jd1ZeTyjJK6W7zMDU4kEuskx2UjF6D2bTzuZ8lmimnUw27cKfzfLLG41CaKAvoHF+9 BrP6MXFHywPQHlyK2taeRZ7erWkjlbsRYIg0W5nLzLka5Sk6Bw501XwW/OavV2WokpqM=; Received: from root (helo=callcc.thunk.org) by imap.thunk.org with local-esmtp (Exim 4.89) (envelope-from ) id 1g1CTQ-0001wb-BG; Sat, 15 Sep 2018 15:27:04 +0000 Received: by callcc.thunk.org (Postfix, from userid 15806) id 31FCD7A5855; Sat, 15 Sep 2018 11:27:03 -0400 (EDT) Date: Sat, 15 Sep 2018 11:27:03 -0400 From: "Theodore Y. Ts'o" To: Eric Biggers Cc: Colin Walters , linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-integrity@vger.kernel.org, linux-fscrypt@vger.kernel.org, linux-kernel@vger.kernel.org, Mimi Zohar , Dmitry Kasatkin , Michael Halcrow , Victor Hsieh Subject: Re: [RFC PATCH 01/10] fs-verity: add setup code, UAPI, and Kconfig Message-ID: <20180915152703.GA9979@thunk.org> Mail-Followup-To: "Theodore Y. Ts'o" , Eric Biggers , Colin Walters , linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-integrity@vger.kernel.org, linux-fscrypt@vger.kernel.org, linux-kernel@vger.kernel.org, Mimi Zohar , Dmitry Kasatkin , Michael Halcrow , Victor Hsieh References: <20180824161642.1144-1-ebiggers@kernel.org> <20180824161642.1144-2-ebiggers@kernel.org> <1535132549.2855027.1485213752.129E3334@webmail.messagingengine.com> <20180825044852.GB726@sol.localdomain> <1536930930.1003187.1508104496.6465C44D@webmail.messagingengine.com> <20180914162142.GA734@sol.localdomain> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180914162142.GA734@sol.localdomain> User-Agent: Mutt/1.10.1 (2018-07-13) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: tytso@thunk.org X-SA-Exim-Scanned: No (on imap.thunk.org); SAEximRunCond expanded to false Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Sep 14, 2018 at 09:21:43AM -0700, Eric Biggers wrote: > > > > Now AIUI, Zip files have an internal header that contains e.g. the size and > > indexes into the internal files. So if someone added random data to the end > > of a zip file, nothing is going to end up actually reading it. > > After the verity bit is enabled, the verity metadata is not visible to > userspace. Yes, that means i_size is adjusted too. Also all contents > modifications are denied, including appends. One of this reasons why this is important is that ZIP files *also* have an central directory at the end. And in the case of the APK files, there is an in-band signature block which is located at at the end of the last file and the central directory, which can be located by starting at the end of the file, finding the length of the central directory, and then backing up to find the signature block. - Ted