| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 13 Mar 2019 09:33:49 -0700
From: Eric Biggers <ebiggers@...nel.org>
To: Al Viro <viro@...iv.linux.org.uk>
Cc: Miklos Szeredi <miklos@...redi.hu>,
Richard Weinberger <richard@....at>,
linux-fsdevel@...r.kernel.org, linux-fscrypt@...r.kernel.org,
overlayfs <linux-unionfs@...r.kernel.org>,
linux-kernel@...r.kernel.org
Subject: Re: overlayfs vs. fscrypt
On Wed, Mar 13, 2019 at 04:11:48PM +0000, Al Viro wrote:
> On Wed, Mar 13, 2019 at 08:01:27AM -0700, Eric Biggers wrote:
>
> > What do you think about this?
>
> That fscrypt might have some very deep flaws. I'll need to RTFS and
> review its model, but what I've seen in this thread so far is not
> promising anything good.
>
> It's not just overlayfs - there are all kinds of interesting trouble
> possible just with fscrypt, unless I'm misparsing what had been said
> so far.
FYI, there *is* a known bug I was very recently made aware of and am planning to
fix. When ->lookup() finds the plaintext name for a directory and the
ciphertext name is already in the dcache, d_splice_alias() will __d_move() the
existing dentry to the plaintext name. But it doesn't set
DCACHE_ENCRYPTED_WITH_KEY, so the dentry incorrectly is still marked as a
ciphertext name and will be invalidated on the next lookup. That's especially
problematic if the lookup that caused the __d_move() came from sys_mount().
I'm thinking the best fix is to have __d_move() propagate
DCACHE_ENCRYPTED_WITH_KEY from 'target' to 'dentry'.
- Eric
Powered by blists - more mailing lists