On Mon, Nov 16, 2020 at 10:35 AM Mimi Zohar <zohar@linux.ibm.com> wrote:

> We need to differentiate between signed files, which by definition are immutable, and those that are mutable. Appending to a mutable file, for example, would result in the file hash not being updated. Subsequent reads would fail.
Why would that require any reading of the file at all AT WRITE TIME?
Don't do it. Really.
When opening the file write-only, you just invalidate the hash. It doesn't matter anyway - you're only writing.
Later on, when reading, only at that point does the hash matter, and then you can do the verification.
Although honestly, I don't even see the point. You know the hash won't match, if you wrote to the file.
Linus