linux-f2fs-devel.lists.sourceforge.net archive mirror
From: Kinglong Mee <kinglongmee@gmail.com>
To: Chao Yu <yuchao0@huawei.com>, jaegeuk@kernel.org
Cc: chao@kernel.org, linux-kernel@vger.kernel.org,
	linux-f2fs-devel@lists.sourceforge.net
Subject: Re: [PATCH] f2fs: don't allow rename unencrypted file to encrypted directory
Date: Wed, 8 Mar 2017 21:35:25 +0800
Message-ID: <99c57433-c631-4516-b5a2-e22c79e9a93d@gmail.com>
In-Reply-To: <20170308120820.86785-1-yuchao0@huawei.com>

On 3/8/2017 20:08, Chao Yu wrote:
> In commit d9cdc9033181 ("ext4 crypto: enforce context consistency") we
> declared that:
> 
> 2) All files or directories in a directory must be protected using the
>     same key as their containing directory.
> 
> But in f2fs_cross_rename there is a vulnerability that allows cross
> renaming an unencrypted file into an encrypted directory; it needs to be
> refused.

fscrypt_has_permitted_context has done the same checking as this patch:

        /* no restrictions if the parent directory is not encrypted */
        if (!parent->i_sb->s_cop->is_encrypted(parent))
                return 1;
        /* if the child directory is not encrypted, this is always a problem */
        if (!parent->i_sb->s_cop->is_encrypted(child))
                return 0;

So, the cross rename of an unencrypted file into an encrypted directory is permitted right now.

I have an encrypted directory "encry"; "new" is an unencrypted file.

[root@nfstestnic f2fs]# renameat2 -x encry/hello new
Operation not permitted
[root@nfstestnic f2fs]# renameat2 -x encry/hello new
Operation not permitted

How do you test it? 

thanks,
Kinglong Mee
> 
> Signed-off-by: Chao Yu <yuchao0@huawei.com>
> ---
>  fs/f2fs/namei.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c
> index 25c073f6c7d4..8de684b84cb9 100644
> --- a/fs/f2fs/namei.c
> +++ b/fs/f2fs/namei.c
> @@ -855,6 +855,10 @@ static int f2fs_cross_rename(struct inode *old_dir, struct dentry *old_dentry,
>  			!fscrypt_has_encryption_key(new_dir)))
>  		return -ENOKEY;
>  
> +	if (f2fs_encrypted_inode(old_dir) && !f2fs_encrypted_inode(new_inode) ||
> +		f2fs_encrypted_inode(new_dir) && !f2fs_encrypted_inode(old_inode))
> +		return -EPERM;
> +
>  	if ((f2fs_encrypted_inode(old_dir) || f2fs_encrypted_inode(new_dir)) &&
>  			(old_dir != new_dir) &&
>  			(!fscrypt_has_permitted_context(new_dir, old_inode) ||
> 
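Review bot: The added condition in f2fs_cross_rename mixes && and || without parentheses, which relies on operator precedence and draws gcc's -Wparentheses warning; wrap each && pair in its own parentheses. The check also overlaps the fscrypt_has_permitted_context(new_dir, old_inode) test in the context lines right below it, which already runs when either directory is encrypted and old_dir != new_dir. If the new lines are meant to cover a case that test skips (for example old_dir == new_dir, which the new check does not exclude), the commit message should name that case and say how it was reproduced.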

