Re: Patch "fscrypto: add authorization check for setting encryption policy" has been added to the 4.7-stable tree

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Eric Biggers <ebiggers@google.com>
To: gregkh@linuxfoundation.org
Cc: tytso@mit.edu, stable@vger.kernel.org, stable-commits@vger.kernel.org
Subject: Re: Patch "fscrypto: add authorization check for setting encryption policy" has been added to the 4.7-stable tree
Date: Mon, 12 Sep 2016 11:49:02 -0700	[thread overview]
Message-ID: <20160912184902.GB7129@google.com> (raw)
In-Reply-To: <147369353118593@kroah.com>

On Mon, Sep 12, 2016 at 05:18:51PM +0200, gregkh@linuxfoundation.org wrote:
> 
> This is a note to let you know that I've just added the patch titled
> 
>     fscrypto: add authorization check for setting encryption policy
> 
> to the 4.7-stable tree which can be found at:
>     http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

For the 4.7 kernel, fs/ext4/crypto_policy.c needs to be patched as well since
the buggy code was duplicated there.  Here is the correct diff:

diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c
index 0f9961e..c9800b1 100644
--- a/fs/crypto/policy.c
+++ b/fs/crypto/policy.c
@@ -95,6 +95,9 @@ static int create_encryption_context_from_policy(struct inode *inode,
 int fscrypt_process_policy(struct inode *inode,
 				const struct fscrypt_policy *policy)
 {
+	if (!inode_owner_or_capable(inode))
+		return -EACCES;
+
 	if (policy->version != 0)
 		return -EINVAL;
 
diff --git a/fs/ext4/crypto_policy.c b/fs/ext4/crypto_policy.c
index ad05069..8a9feb3 100644
--- a/fs/ext4/crypto_policy.c
+++ b/fs/ext4/crypto_policy.c
@@ -102,6 +102,9 @@ static int ext4_create_encryption_context_from_policy(
 int ext4_process_policy(const struct ext4_encryption_policy *policy,
 			struct inode *inode)
 {
+	if (!inode_owner_or_capable(inode))
+		return -EACCES;
+
 	if (policy->version != 0)
 		return -EINVAL;
 
-- 
2.8.0.rc3.226.g39d4020

next prev parent reply	other threads:[~2016-09-12 18:49 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-09-12 15:18 Patch "fscrypto: add authorization check for setting encryption policy" has been added to the 4.7-stable tree gregkh
2016-09-12 18:49 ` Eric Biggers [this message]
2016-09-13  2:59   ` Theodore Ts'o
2016-09-15  6:18   ` Greg KH

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:0f9961e dfblob:c9800b1 dfblob:ad05069 dfblob:8a9feb3 )
 OR (
bs:"Re: Patch "
bs:"fscrypto: add authorization check for setting encryption policy"
bs:" has been added to the 4.7-stable tree" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160912184902.GB7129@google.com \
    --to=ebiggers@google.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=stable-commits@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=tytso@mit.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.