[PATCH 11/13] fscrypto: restrict setting encryption policy to inode owner

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On a filesystem with encryption enabled, a user could set an encryption
policy on any empty directory to which they have readonly access.  This
is a potential security issue since such a directory might be owned by
another user, and the new encryption policy may prevent that user from
creating files in their own directory.

Fix this by requiring inode_owner_or_capable() permission to set an
encryption policy.

Signed-off-by: Eric Biggers <ebiggers3@xxxxxxxxx>
---
 fs/crypto/policy.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c
index cb5ba27..3f5c275 100644
--- a/fs/crypto/policy.c
+++ b/fs/crypto/policy.c
@@ -96,6 +96,9 @@ int fscrypt_set_policy(struct inode *inode, const struct fscrypt_policy *policy)
 {
 	int ret = 0;
 
+	if (!inode_owner_or_capable(inode))
+		return -EACCES;
+
 	if (policy->version != 0)
 		return -EINVAL;
 
-- 
2.7.4

--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Reiser Filesystem Development]     [Ceph FS]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite National Park]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Device Mapper]     [Linux Media]

  Powered by Linux