On Fri, Jul 26, 2019 at 03:41:37PM -0700, Eric Biggers wrote: > From: Eric Biggers <ebiggers@xxxxxxxxxx> > > By looking up the master keys in a filesystem-level keyring rather than > in the calling processes' key hierarchy, it becomes possible for a user > to set an encryption policy which refers to some key they don't actually > know, then encrypt their files using that key. Cryptographically this > isn't much of a problem, but the semantics of this would be a bit weird. > Thus, enforce that a v2 encryption policy can only be set if the user > has previously added the key, or has capable(CAP_FOWNER). > > We tolerate that this problem will continue to exist for v1 encryption > policies, however; there is no way around that. > > Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx> Looks good, feel free to add: Reviewed-by: Theodore Ts'o <tytso@xxxxxxx> - Ted ______________________________________________________ Linux MTD discussion mailing list http://lists.infradead.org/mailman/listinfo/linux-mtd/
Re: [PATCH v7 12/16] fscrypt: require that key be added when setting a v2 encryption policy
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: [PATCH v7 12/16] fscrypt: require that key be added when setting a v2 encryption policy
- From: "Theodore Y. Ts'o" <tytso@xxxxxxx>
- Date: Sun, 28 Jul 2019 17:24:02 -0400
- Cc: Satya Tangirala <satyat@xxxxxxxxxx>, linux-api@xxxxxxxxxxxxxxx, linux-f2fs-devel@xxxxxxxxxxxxxxxxxxxxx, linux-fscrypt@xxxxxxxxxxxxxxx, keyrings@xxxxxxxxxxxxxxx, linux-mtd@xxxxxxxxxxxxxxxxxxx, linux-crypto@xxxxxxxxxxxxxxx, linux-fsdevel@xxxxxxxxxxxxxxx, linux-ext4@xxxxxxxxxxxxxxx, Paul Crowley <paulcrowley@xxxxxxxxxx>
- In-reply-to: <20190726224141.14044-13-ebiggers@kernel.org>
- References: <20190726224141.14044-1-ebiggers@kernel.org> <20190726224141.14044-13-ebiggers@kernel.org>
- User-agent: Mutt/1.10.1 (2018-07-13)
- References:
- [PATCH v7 00/16] fscrypt: key management improvements
- From: Eric Biggers
- [PATCH v7 12/16] fscrypt: require that key be added when setting a v2 encryption policy
- From: Eric Biggers
- [PATCH v7 00/16] fscrypt: key management improvements
- Prev by Date: Re: [PATCH v7 11/16] fscrypt: allow unprivileged users to add/remove keys for v2 policies
- Next by Date: Re: [PATCH v7 13/16] ext4: wire up new fscrypt ioctls
- Previous by thread: [PATCH v7 12/16] fscrypt: require that key be added when setting a v2 encryption policy
- Next by thread: [PATCH v7 14/16] f2fs: wire up new fscrypt ioctls
- Index(es):
 |