[PATCH 11/13] fscrypto: restrict setting encryption policy to inode owner

From: Eric Biggers
Date: Sun Apr 03 2016 - 01:25:49 EST

Next message: Eric Biggers: "[PATCH 07/13] fscrypto: simplify building key descriptor string"
Previous message: Eric Biggers: "[PATCH 12/13] fscrypto: require write access to mount to set encryption policy"
In reply to: Eric Biggers: "[PATCH 12/13] fscrypto: require write access to mount to set encryption policy"
Next in thread: Eric Biggers: "[PATCH 07/13] fscrypto: simplify building key descriptor string"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On a filesystem with encryption enabled, a user could set an encryption
policy on any empty directory to which they have readonly access. This
is a potential security issue since such a directory might be owned by
another user, and the new encryption policy may prevent that user from
creating files in their own directory.

Fix this by requiring inode_owner_or_capable() permission to set an
encryption policy.

Signed-off-by: Eric Biggers <ebiggers3@xxxxxxxxx>
---
fs/crypto/policy.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c
index cb5ba27..3f5c275 100644
--- a/fs/crypto/policy.c
+++ b/fs/crypto/policy.c
@@ -96,6 +96,9 @@ int fscrypt_set_policy(struct inode *inode, const struct fscrypt_policy *policy)
{
int ret = 0;

+ if (!inode_owner_or_capable(inode))
+ return -EACCES;
+
if (policy->version != 0)
return -EINVAL;

--
2.7.4

Next message: Eric Biggers: "[PATCH 07/13] fscrypto: simplify building key descriptor string"
Previous message: Eric Biggers: "[PATCH 12/13] fscrypto: require write access to mount to set encryption policy"
In reply to: Eric Biggers: "[PATCH 12/13] fscrypto: require write access to mount to set encryption policy"
Next in thread: Eric Biggers: "[PATCH 07/13] fscrypto: simplify building key descriptor string"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]