| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Jul 2020 14:47:04 -0700
From: Eric Biggers <ebiggers@...nel.org>
To: Florian Schmaus <flo@...kplace.eu>, Theodore Ts'o <tytso@....edu>
Cc: linux-ext4@...r.kernel.org
Subject: Re: [PATCH v2] e4crypt: if salt is explicitly provided to add_key,
then use it
On Tue, Jul 07, 2020 at 10:27:30AM +0200, Florian Schmaus wrote:
> Providing -S and a path to 'add_key' previously exhibit an unintuitive
exhibit => exhibited
> behavior: instead of using the salt explicitly provided by the user,
> e4crypt would use the salt obtained via EXT4_IOC_GET_ENCRYPTION_PWSALT
> on the path. This was because set_policy() was still called with NULL
> as salt.
>
> With this change we now remember the explicitly provided salt (if any)
> and use it as argument for set_policy().
>
> Eventually
>
> e4crypt add_key -S s:my-spicy-salt /foo
>
> will now actually use 'my-spicy-salt' and not something else as salt
> for the policy set on /foo.
>
> Signed-off-by: Florian Schmaus <flo@...kplace.eu>
> ---
>
> Notes:
> - Clarify -S description in man page.
> - Do not store a reference to salt_list entry, as it
> could be reallocated causing a use-after-free.
> - Only parse the salts of the path arguments if no
> salt was explicitly specified.
>
> misc/e4crypt.8.in | 4 +++-
> misc/e4crypt.c | 18 ++++++++++++++----
> 2 files changed, 17 insertions(+), 5 deletions(-)
>
> diff --git a/misc/e4crypt.8.in b/misc/e4crypt.8.in
> index 75b968a0..fe9372cf 100644
> --- a/misc/e4crypt.8.in
> +++ b/misc/e4crypt.8.in
> @@ -48,7 +48,9 @@ values are 4, 8, 16, and 32.
> If one or more directory paths are specified, e4crypt will try to
> set the policy of those directories to use the key just added by the
> .B add_key
> -command.
> +command. If a salt was explicitly specified, then it will be used
> +to derive the encryption key of those directories. Otherwise a
> +directory-specific default salt will be used.
> .TP
> .B e4crypt get_policy \fIpath\fR ...
> Print the policy for the directories specified on the command line.
> diff --git a/misc/e4crypt.c b/misc/e4crypt.c
> index 2ae6254a..67d25d88 100644
> --- a/misc/e4crypt.c
> +++ b/misc/e4crypt.c
> @@ -26,6 +26,7 @@
> #include <getopt.h>
> #include <dirent.h>
> #include <errno.h>
> +#include <stdbool.h>
I'd like to use <stdbool.h> too, but I'm not sure if it's allowed in e2fsprogs;
this would be the first use. Everywhere else seems to just use int, 0, and 1.
Ted, is stdbool.h allowed in e2fsprogs?
> + if (!explicit_salt)
> + for (i = optind; i < argc; i++)
> + parse_salt(argv[i], PARSE_FLAGS_FORCE_FN);
There should be braces at the outer level (following Linux kernel coding style):
if (!explicit_salt) {
for (i = optind; i < argc; i++)
parse_salt(argv[i], PARSE_FLAGS_FORCE_FN);
}
Otherwise this patch looks fine.
Hopefully people aren't depending on this bug being present.
- Eric
Powered by blists - more mailing lists