From: Greg KH <gregkh@linuxfoundation.org>
To: Eric Biggers <ebiggers@google.com>
Cc: tytso@mit.edu, stable@vger.kernel.org, stable-commits@vger.kernel.org
Subject: Re: Patch "fscrypto: add authorization check for setting encryption policy" has been added to the 4.7-stable tree
Date: Thu, 15 Sep 2016 08:18:58 +0200 [thread overview]
Message-ID: <20160915061858.GA15850@kroah.com> (raw)
In-Reply-To: <20160912184902.GB7129@google.com>
On Mon, Sep 12, 2016 at 11:49:02AM -0700, Eric Biggers wrote:
> On Mon, Sep 12, 2016 at 05:18:51PM +0200, gregkh@linuxfoundation.org wrote:
> >
> > This is a note to let you know that I've just added the patch titled
> >
> > fscrypto: add authorization check for setting encryption policy
> >
> > to the 4.7-stable tree which can be found at:
> > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
>
> For the 4.7 kernel, fs/ext4/crypto_policy.c needs to be patched as well since
> the buggy code was duplicated there. Here is the correct diff:
>
> diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c
> index 0f9961e..c9800b1 100644
> --- a/fs/crypto/policy.c
> +++ b/fs/crypto/policy.c
> @@ -95,6 +95,9 @@ static int create_encryption_context_from_policy(struct inode *inode,
> int fscrypt_process_policy(struct inode *inode,
> const struct fscrypt_policy *policy)
> {
> + if (!inode_owner_or_capable(inode))
> + return -EACCES;
> +
> if (policy->version != 0)
> return -EINVAL;
>
> diff --git a/fs/ext4/crypto_policy.c b/fs/ext4/crypto_policy.c
> index ad05069..8a9feb3 100644
> --- a/fs/ext4/crypto_policy.c
> +++ b/fs/ext4/crypto_policy.c
> @@ -102,6 +102,9 @@ static int ext4_create_encryption_context_from_policy(
> int ext4_process_policy(const struct ext4_encryption_policy *policy,
> struct inode *inode)
> {
> + if (!inode_owner_or_capable(inode))
> + return -EACCES;
> +
> if (policy->version != 0)
> return -EINVAL;
>
Thanks for this, now updated.
greg k-h
prev parent reply other threads:[~2016-09-15 6:18 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-12 15:18 Patch "fscrypto: add authorization check for setting encryption policy" has been added to the 4.7-stable tree gregkh
2016-09-12 18:49 ` Eric Biggers
2016-09-13 2:59 ` Theodore Ts'o
2016-09-15 6:18 ` Greg KH [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160915061858.GA15850@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=ebiggers@google.com \
--cc=stable-commits@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.