Re: fscrypto: improved validation when loading inode encryption metadata

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Sep 12, 2016 at 12:24:00PM -0700, Eric Biggers wrote:
> - Validate fscrypt_context.format and fscrypt_context.flags.  If
>   unrecognized values are set, then the kernel may not know how to
>   interpret the encrypted file, so it should fail the operation.
> 
> - Validate that AES_256_XTS is used for contents and that AES_256_CTS is
>   used for filenames.  It was previously possible for the kernel to
>   accept these reversed, though it would have taken manual editing of
>   the block device.  This was not intended.
> 
> - Fail cleanly rather than BUG()-ing if a file has an unexpected type.
> 
> Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>

Thanks, applied.  (I plan to carry Eric's fscrypto changes ext4 git
tree; Jaeguk, I assume you have no objections?)

		   	       	       	   	- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Reiser Filesystem Development]     [Ceph FS]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite National Park]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Device Mapper]     [Linux Media]

  Powered by Linux