Date: Fri, 16 Dec 2016 13:18:46 +0100
From: Richard Weinberger <richard@....at>
To: Eric Biggers <ebiggers3@...il.com>, linux-fsdevel@...r.kernel.org
Cc: "Theodore Y . Ts'o" <tytso@....edu>, Jaegeuk Kim <jaegeuk@...nel.org>, linux-ext4@...r.kernel.org, linux-f2fs-devel@...ts.sourceforge.net, David Gstir <david@...ma-star.at>, Eric Biggers <ebiggers@...gle.com>
Subject: Re: [PATCH 1/3] fscrypt: fix loophole in one-encryption-policy-per-tree enforcement

On 15.12.2016 20:19, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@...gle.com>
>
> Filesystem encryption is designed to enforce that all files in an
> encrypted directory tree use the same encryption policy. Operations
> that violate this constraint are supposed to fail with EPERM. There was
> one case that was missed, however: the cross-rename operation (i.e.
> renameat2 with RENAME_EXCHANGE) allowed two files with different
> encryption policies to be exchanged, provided that neither encryption
> key was available.
>
> To fix this, when we can't compare the fscrypt_info structs because the
> key is unavailable, compare the fscrypt_context structs instead.
>
> This will be covered by a test in my encryption xfstests patchset.
>
> Fixes: b7236e21d55f ("ext4 crypto: reorganize how we store keys in the inode")
> Signed-off-by: Eric Biggers <ebiggers@...gle.com>

Reviewed-by: Richard Weinberger <richard@....at>

Thanks,
//richard
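The check described in the quoted commit message, as a simplified user-space model added here (it is not the kernel patch and not part of the original message). The struct layout, field names, sample values and the `fixed` switch are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Policy fields shared by both views; names are assumptions for this model. */
struct policy { uint8_t contents_mode, filenames_mode, flags, key_desc[8]; };
struct inode_model {
    bool encrypted;
    const struct policy *info; /* in-memory view, NULL while the key is unavailable */
    struct policy ctx;         /* stored view, readable without the key */
};

static bool policy_equal(const struct policy *a, const struct policy *b)
{
    return a->contents_mode == b->contents_mode && a->filenames_mode == b->filenames_mode &&
           a->flags == b->flags && memcmp(a->key_desc, b->key_desc, sizeof a->key_desc) == 0;
}

/* fixed == false models the check before the patch, true the check after it. */
bool permitted(const struct inode_model *dir, const struct inode_model *child, bool fixed)
{
    if (!dir->encrypted) return true;     /* unencrypted parent: no restriction */
    if (!child->encrypted) return false;  /* unencrypted file in an encrypted tree */
    if (dir->info && child->info) return policy_equal(dir->info, child->info);
    if (!fixed) return !dir->info && !child->info; /* before: nothing compared */
    return policy_equal(&dir->ctx, &child->ctx);   /* after: compare stored contexts */
}

/* RENAME_EXCHANGE moves each file under the other's directory, so check both. */
bool exchange_permitted(const struct inode_model *da, const struct inode_model *fa,
                        const struct inode_model *db, const struct inode_model *fb, bool fixed)
{
    return permitted(db, fa, fixed) && permitted(da, fb, fixed);
}

/* Constructed sample: two encrypted trees, neither key loaded (info == NULL). */
bool demo_exchange(bool same_policy, bool fixed)
{
    struct policy pa = { 1, 4, 0, "AAAAAAA" }, pb = { 1, 4, 0, "BBBBBBB" };
    struct inode_model da = { true, NULL, pa }, fa = da;
    struct inode_model db = { true, NULL, same_policy ? pa : pb }, fb = db;
    return exchange_permitted(&da, &fa, &db, &fb, fixed);
}

int main(void)
{
    printf("different policies: before=%d after=%d\n", demo_exchange(false, false), demo_exchange(false, true));
    return 0;
}
```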