On Mon, Sep 12, 2016 at 11:49:02AM -0700, Eric Biggers wrote: > On Mon, Sep 12, 2016 at 05:18:51PM +0200, gregkh@xxxxxxxxxxxxxxxxxxx wrote: > > > > This is a note to let you know that I've just added the patch titled > > > > fscrypto: add authorization check for setting encryption policy > > > > to the 4.7-stable tree which can be found at: > > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary > > For the 4.7 kernel, fs/ext4/crypto_policy.c needs to be patched as well since > the buggy code was duplicated there. Here is the correct diff: > > diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c > index 0f9961e..c9800b1 100644 > --- a/fs/crypto/policy.c > +++ b/fs/crypto/policy.c > @@ -95,6 +95,9 @@ static int create_encryption_context_from_policy(struct inode *inode, > int fscrypt_process_policy(struct inode *inode, > const struct fscrypt_policy *policy) > { > + if (!inode_owner_or_capable(inode)) > + return -EACCES; > + > if (policy->version != 0) > return -EINVAL; > > diff --git a/fs/ext4/crypto_policy.c b/fs/ext4/crypto_policy.c > index ad05069..8a9feb3 100644 > --- a/fs/ext4/crypto_policy.c > +++ b/fs/ext4/crypto_policy.c > @@ -102,6 +102,9 @@ static int ext4_create_encryption_context_from_policy( > int ext4_process_policy(const struct ext4_encryption_policy *policy, > struct inode *inode) > { > + if (!inode_owner_or_capable(inode)) > + return -EACCES; > + > if (policy->version != 0) > return -EINVAL; > Thanks for this, now updated. greg k-h -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html