On 15.12.2016 20:19, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@xxxxxxxxxx>
>
> Filesystem encryption is designed to enforce that all files in an
> encrypted directory tree use the same encryption policy. Operations
> that violate this constraint are supposed to fail with EPERM. There was
> one case that was missed, however: the cross-rename operation (i.e.
> renameat2 with RENAME_EXCHANGE) allowed two files with different
> encryption policies to be exchanged, provided that neither encryption
> key was available.
>
> To fix this, when we can't compare the fscrypt_info structs because the
> key is unavailable, compare the fscrypt_context structs instead.
>
> This will be covered by a test in my encryption xfstests patchset.
>
> Fixes: b7236e21d55f ("ext4 crypto: reorganize how we store keys in the inode")
> Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
Reviewed-by: Richard Weinberger <richard@xxxxxx>
Thanks,
//richard
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
