| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1480627271-10441-12-git-send-email-richard@nod.at>
Date: Thu, 1 Dec 2016 22:20:58 +0100
From: Richard Weinberger <richard@....at>
To: linux-mtd@...ts.infradead.org
Cc: david@...ma-star.at, tytso@....edu, dedekind1@...il.com,
ebiggers@...gle.com, mhalcrow@...gle.com, adrian.hunter@...el.com,
linux-kernel@...r.kernel.org, hch@...radead.org,
linux-fsdevel@...r.kernel.org, jaegeuk@...nel.org,
dengler@...utronix.de, sbabic@...x.de, wd@...x.de,
Richard Weinberger <richard@....at>
Subject: [PATCH 11/24] ubifs: Enforce crypto policy in mmap
We need this extra check in mmap because a process could
gain an already opened fd.
Signed-off-by: Richard Weinberger <richard@....at>
---
fs/ubifs/file.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/fs/ubifs/file.c b/fs/ubifs/file.c
index a9c5cc6c0bc5..60e789a9cac8 100644
--- a/fs/ubifs/file.c
+++ b/fs/ubifs/file.c
@@ -1594,6 +1594,15 @@ static const struct vm_operations_struct ubifs_file_vm_ops = {
static int ubifs_file_mmap(struct file *file, struct vm_area_struct *vma)
{
int err;
+ struct inode *inode = file->f_mapping->host;
+
+ if (ubifs_crypt_is_encrypted(inode)) {
+ err = fscrypt_get_encryption_info(inode);
+ if (err)
+ return -EACCES;
+ if (!fscrypt_has_encryption_key(inode))
+ return -ENOKEY;
+ }
err = generic_file_mmap(file, vma);
if (err)
--
2.7.3
Powered by blists - more mailing lists