Diffstat (limited to 'patches/cve/CVE-2016-10318-fscrypto-add-authorization-check-for-setting-encrypt.patch')
-rw-r--r-- | patches/cve/CVE-2016-10318-fscrypto-add-authorization-check-for-setting-encrypt.patch | 50 |
1 files changed, 50 insertions, 0 deletions
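--- /dev/null
+++ b/patches/cve/CVE-2016-10318-fscrypto-add-authorization-check-for-setting-encrypt.patch
@@ -0,0 +1,50 @@
+From e68557814c7e9e4943caca924ff5537952bb3b4e Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Fri, 2 Mar 2018 14:21:12 -0800
+Subject: [PATCH] fscrypto: add authorization check for setting encryption
+policy
+
+commit 163ae1c6ad6299b19e22b4a35d5ab24a89791a98 upstream.
+
+On an ext4 or f2fs filesystem with file encryption supported, a user
+could set an encryption policy on any empty directory(*) to which they
+had readonly access. This is obviously problematic, since such a
+directory might be owned by another user and the new encryption policy
+would prevent that other user from creating files in their own directory
+(for example).
+
+Fix this by requiring inode_owner_or_capable() permission to set an
+encryption policy. This means that either the caller must own the file,
+or the caller must have the capability CAP_FOWNER.
+
+(*) Or also on any regular file, for f2fs v4.6 and later and ext4
+v4.8-rc1 and later; a separate bug fix is coming for that.
+
+CVE: CVE-2016-10318
+Upstream-Status: Backport
+
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
+Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
+---
+fs/ext4/crypto_policy.c | 3 +++
+1 file changed, 3 insertions(+)
+
+diff --git a/fs/ext4/crypto_policy.c b/fs/ext4/crypto_policy.c
+index a6d6291..591fc37 100644
+--- a/fs/ext4/crypto_policy.c
++++ b/fs/ext4/crypto_policy.c
+@@ -85,6 +85,9 @@ static int ext4_create_encryption_context_from_policy(
+int ext4_process_policy(const struct ext4_encryption_policy *policy,
+struct inode *inode)
+{
++ if (!inode_owner_or_capable(inode))
++ return -EACCES;
++
+if (policy->version != 0)
+return -EINVAL;
+
+--
+2.7.4
+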
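Review bot: The commit message describes the missing ownership check as affecting both ext4 and f2fs, but the embedded patch's diffstat touches only `fs/ext4/crypto_policy.c`. If the kernel this layer targets also carries f2fs encryption support (not visible on this page, so it needs confirming against the tree), the f2fs policy-setting path needs the same guard, `if (!inode_owner_or_capable(inode)) return -EACCES;`, or CVE-2016-10318 stays reachable through f2fs. If f2fs encryption is absent in this kernel version, a sentence saying so in the patch header would let the next reviewer close the question without re-checking. The body of `ext4_process_policy()` continues past the end of the hunk.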