diff options
author | Andreas Wellving <andreas.wellving@enea.com> | 2018-10-17 15:25:48 +0200 |
---|---|---|
committer | Andreas Wellving <andreas.wellving@enea.com> | 2018-10-25 13:25:09 +0200 |
commit | a0c8087aaa1aca3797247937d559ede5c3181772 (patch) | |
tree | 98e29a5685144e41969a075a378dba06cba5d2a4 | |
parent | 681524e0001dcc066fc226897c85cc4c7998ac7c (diff) | |
download | enea-kernel-cache-a0c8087aaa1aca3797247937d559ede5c3181772.tar.gz |
fscrypto: CVE-2016-10318
fscrypto: add authorization check for setting encryption policy
References:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-4.1.y&id=e68557814c7e9e4943caca924ff5537952bb3b4e
Change-Id: I83ba398899b937d26ebd7955c390981b779b6e16
Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
-rw-r--r-- | patches/cve/4.1.x.scc | 3 | ||||
-rw-r--r-- | patches/cve/CVE-2016-10318-fscrypto-add-authorization-check-for-setting-encrypt.patch | 50 |
2 files changed, 53 insertions, 0 deletions
diff --git a/patches/cve/4.1.x.scc b/patches/cve/4.1.x.scc index 8b5a52f..47341b8 100644 --- a/patches/cve/4.1.x.scc +++ b/patches/cve/4.1.x.scc | |||
@@ -31,3 +31,6 @@ patch CVE-2017-17806-crypto-hmac-require-that-the-underlying-hash-algorit.patch | |||
31 | patch CVE-2017-6346-packet-fix-races-in-fanout_add.patch | 31 | patch CVE-2017-6346-packet-fix-races-in-fanout_add.patch |
32 | patch CVE-2017-7184-xfrm_user-validate-XFRM_MSG_NEWAE-incoming-ESN-size-.patch | 32 | patch CVE-2017-7184-xfrm_user-validate-XFRM_MSG_NEWAE-incoming-ESN-size-.patch |
33 | 33 | ||
34 | #fixed in 4.1.50 | ||
35 | patch CVE-2016-10318-fscrypto-add-authorization-check-for-setting-encrypt.patch | ||
36 | |||
diff --git a/patches/cve/CVE-2016-10318-fscrypto-add-authorization-check-for-setting-encrypt.patch b/patches/cve/CVE-2016-10318-fscrypto-add-authorization-check-for-setting-encrypt.patch new file mode 100644 index 0000000..f499685 --- /dev/null +++ b/patches/cve/CVE-2016-10318-fscrypto-add-authorization-check-for-setting-encrypt.patch | |||
@@ -0,0 +1,50 @@ | |||
1 | From e68557814c7e9e4943caca924ff5537952bb3b4e Mon Sep 17 00:00:00 2001 | ||
2 | From: Eric Biggers <ebiggers@google.com> | ||
3 | Date: Fri, 2 Mar 2018 14:21:12 -0800 | ||
4 | Subject: [PATCH] fscrypto: add authorization check for setting encryption | ||
5 | policy | ||
6 | |||
7 | commit 163ae1c6ad6299b19e22b4a35d5ab24a89791a98 upstream. | ||
8 | |||
9 | On an ext4 or f2fs filesystem with file encryption supported, a user | ||
10 | could set an encryption policy on any empty directory(*) to which they | ||
11 | had readonly access. This is obviously problematic, since such a | ||
12 | directory might be owned by another user and the new encryption policy | ||
13 | would prevent that other user from creating files in their own directory | ||
14 | (for example). | ||
15 | |||
16 | Fix this by requiring inode_owner_or_capable() permission to set an | ||
17 | encryption policy. This means that either the caller must own the file, | ||
18 | or the caller must have the capability CAP_FOWNER. | ||
19 | |||
20 | (*) Or also on any regular file, for f2fs v4.6 and later and ext4 | ||
21 | v4.8-rc1 and later; a separate bug fix is coming for that. | ||
22 | |||
23 | CVE: CVE-2016-10318 | ||
24 | Upstream-Status: Backport | ||
25 | |||
26 | Signed-off-by: Eric Biggers <ebiggers@google.com> | ||
27 | Signed-off-by: Theodore Ts'o <tytso@mit.edu> | ||
28 | Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> | ||
29 | Signed-off-by: Andreas Wellving <andreas.wellving@enea.com> | ||
30 | --- | ||
31 | fs/ext4/crypto_policy.c | 3 +++ | ||
32 | 1 file changed, 3 insertions(+) | ||
33 | |||
34 | diff --git a/fs/ext4/crypto_policy.c b/fs/ext4/crypto_policy.c | ||
35 | index a6d6291..591fc37 100644 | ||
36 | --- a/fs/ext4/crypto_policy.c | ||
37 | +++ b/fs/ext4/crypto_policy.c | ||
38 | @@ -85,6 +85,9 @@ static int ext4_create_encryption_context_from_policy( | ||
39 | int ext4_process_policy(const struct ext4_encryption_policy *policy, | ||
40 | struct inode *inode) | ||
41 | { | ||
42 | + if (!inode_owner_or_capable(inode)) | ||
43 | + return -EACCES; | ||
44 | + | ||
45 | if (policy->version != 0) | ||
46 | return -EINVAL; | ||
47 | |||
48 | -- | ||
49 | 2.7.4 | ||
50 | |||