From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752845AbcDCFZq (ORCPT ); Sun, 3 Apr 2016 01:25:46 -0400 Received: from mail-ig0-f193.google.com ([209.85.213.193]:33007 "EHLO mail-ig0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752545AbcDCFXq (ORCPT ); Sun, 3 Apr 2016 01:23:46 -0400 From: Eric Biggers To: linux-fsdevel@vger.kernel.org Cc: linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org, jaegeuk@kernel.org, tytso@mit.edu, mhalcrow@google.com, Eric Biggers Subject: [PATCH 11/13] fscrypto: restrict setting encryption policy to inode owner Date: Sun, 3 Apr 2016 00:22:02 -0500 Message-Id: <1459660924-2960-12-git-send-email-ebiggers3@gmail.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1459660924-2960-1-git-send-email-ebiggers3@gmail.com> References: <1459660924-2960-1-git-send-email-ebiggers3@gmail.com> Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On a filesystem with encryption enabled, a user could set an encryption policy on any empty directory to which they have readonly access. This is a potential security issue since such a directory might be owned by another user, and the new encryption policy may prevent that user from creating files in their own directory. Fix this by requiring inode_owner_or_capable() permission to set an encryption policy. Signed-off-by: Eric Biggers --- fs/crypto/policy.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c index cb5ba27..3f5c275 100644 --- a/fs/crypto/policy.c +++ b/fs/crypto/policy.c @@ -96,6 +96,9 @@ int fscrypt_set_policy(struct inode *inode, const struct fscrypt_policy *policy) { int ret = 0; + if (!inode_owner_or_capable(inode)) + return -EACCES; + if (policy->version != 0) return -EINVAL; -- 2.7.4
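Review bot: The new inode_owner_or_capable() check at the top of fscrypt_set_policy() carries no comment, so the reason ownership is required (a user with read-only access setting a policy on another user's empty directory, per the commit message) is not recoverable from the code itself; a one-line comment above the check would keep that rationale next to it. Because the check sits before the policy->version test, a caller who is not the owner gets -EACCES even when the policy is also invalid. Authorizing before validating the input is the right order, but it is worth stating in the commit message that this ordering and the -EACCES return value are intentional, since both are visible to whoever calls this function.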