diff options
| author | Tyler Hicks <tyhicks@canonical.com> | 2014-10-07 16:51:55 -0400 |
|---|---|---|
| committer | Tyler Hicks <tyhicks@canonical.com> | 2014-10-23 09:11:03 -0400 |
| commit | 332b122d39c9cbff8b799007a825d94b2e7c12f2 (patch) | |
| tree | 3676cdebea8bffb909942ee4e5adb1b7ced2fc0f | |
| parent | c3351dfabf5c78fb5ddc79d0f7b65ebd9e441337 (diff) | |
eCryptfs: Force RO mount when encrypted view is enabled
The ecryptfs_encrypted_view mount option greatly changes the
functionality of an eCryptfs mount. Instead of encrypting and decrypting
lower files, it provides a unified view of the encrypted files in the
lower filesystem. The presence of the ecryptfs_encrypted_view mount
option is intended to force a read-only mount and modifying files is not
supported when the feature is in use. See the following commit for more
information:
e77a56d [PATCH] eCryptfs: Encrypted passthrough
This patch forces the mount to be read-only when the
ecryptfs_encrypted_view mount option is specified by setting the
MS_RDONLY flag on the superblock. Additionally, this patch removes some
broken logic in ecryptfs_open() that attempted to prevent modifications
of files when the encrypted view feature was in use. The check in
ecryptfs_open() was not sufficient to prevent file modifications using
system calls that do not operate on a file descriptor.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reported-by: Priya Bansal <p.bansal@samsung.com>
Cc: stable@vger.kernel.org # v2.6.21+: e77a56d [PATCH] eCryptfs: Encrypted passthrough
| -rw-r--r-- | fs/ecryptfs/file.c | 12 | ||||
| -rw-r--r-- | fs/ecryptfs/main.c | 16 |
2 files changed, 13 insertions, 15 deletions
diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c index f5bce9096555..54742f9a67a8 100644 --- a/fs/ecryptfs/file.c +++ b/fs/ecryptfs/file.c | |||
| @@ -190,23 +190,11 @@ static int ecryptfs_open(struct inode *inode, struct file *file) | |||
| 190 | { | 190 | { |
| 191 | int rc = 0; | 191 | int rc = 0; |
| 192 | struct ecryptfs_crypt_stat *crypt_stat = NULL; | 192 | struct ecryptfs_crypt_stat *crypt_stat = NULL; |
| 193 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat; | ||
| 194 | struct dentry *ecryptfs_dentry = file->f_path.dentry; | 193 | struct dentry *ecryptfs_dentry = file->f_path.dentry; |
| 195 | /* Private value of ecryptfs_dentry allocated in | 194 | /* Private value of ecryptfs_dentry allocated in |
| 196 | * ecryptfs_lookup() */ | 195 | * ecryptfs_lookup() */ |
| 197 | struct ecryptfs_file_info *file_info; | 196 | struct ecryptfs_file_info *file_info; |
| 198 | 197 | ||
| 199 | mount_crypt_stat = &ecryptfs_superblock_to_private( | ||
| 200 | ecryptfs_dentry->d_sb)->mount_crypt_stat; | ||
| 201 | if ((mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) | ||
| 202 | && ((file->f_flags & O_WRONLY) || (file->f_flags & O_RDWR) | ||
| 203 | || (file->f_flags & O_CREAT) || (file->f_flags & O_TRUNC) | ||
| 204 | || (file->f_flags & O_APPEND))) { | ||
| 205 | printk(KERN_WARNING "Mount has encrypted view enabled; " | ||
| 206 | "files may only be read\n"); | ||
| 207 | rc = -EPERM; | ||
| 208 | goto out; | ||
| 209 | } | ||
| 210 | /* Released in ecryptfs_release or end of function if failure */ | 198 | /* Released in ecryptfs_release or end of function if failure */ |
| 211 | file_info = kmem_cache_zalloc(ecryptfs_file_info_cache, GFP_KERNEL); | 199 | file_info = kmem_cache_zalloc(ecryptfs_file_info_cache, GFP_KERNEL); |
| 212 | ecryptfs_set_file_private(file, file_info); | 200 | ecryptfs_set_file_private(file, file_info); |
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c index 1b119d3bf924..34eb8433d93f 100644 --- a/fs/ecryptfs/main.c +++ b/fs/ecryptfs/main.c | |||
| @@ -493,6 +493,7 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags | |||
| 493 | { | 493 | { |
| 494 | struct super_block *s; | 494 | struct super_block *s; |
| 495 | struct ecryptfs_sb_info *sbi; | 495 | struct ecryptfs_sb_info *sbi; |
| 496 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat; | ||
| 496 | struct ecryptfs_dentry_info *root_info; | 497 | struct ecryptfs_dentry_info *root_info; |
| 497 | const char *err = "Getting sb failed"; | 498 | const char *err = "Getting sb failed"; |
| 498 | struct inode *inode; | 499 | struct inode *inode; |
| @@ -511,6 +512,7 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags | |||
| 511 | err = "Error parsing options"; | 512 | err = "Error parsing options"; |
| 512 | goto out; | 513 | goto out; |
| 513 | } | 514 | } |
| 515 | mount_crypt_stat = &sbi->mount_crypt_stat; | ||
| 514 | 516 | ||
| 515 | s = sget(fs_type, NULL, set_anon_super, flags, NULL); | 517 | s = sget(fs_type, NULL, set_anon_super, flags, NULL); |
| 516 | if (IS_ERR(s)) { | 518 | if (IS_ERR(s)) { |
| @@ -557,11 +559,19 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags | |||
| 557 | 559 | ||
| 558 | /** | 560 | /** |
| 559 | * Set the POSIX ACL flag based on whether they're enabled in the lower | 561 | * Set the POSIX ACL flag based on whether they're enabled in the lower |
| 560 | * mount. Force a read-only eCryptfs mount if the lower mount is ro. | 562 | * mount. |
| 561 | * Allow a ro eCryptfs mount even when the lower mount is rw. | ||
| 562 | */ | 563 | */ |
| 563 | s->s_flags = flags & ~MS_POSIXACL; | 564 | s->s_flags = flags & ~MS_POSIXACL; |
| 564 | s->s_flags |= path.dentry->d_sb->s_flags & (MS_RDONLY | MS_POSIXACL); | 565 | s->s_flags |= path.dentry->d_sb->s_flags & MS_POSIXACL; |
| 566 | |||
| 567 | /** | ||
| 568 | * Force a read-only eCryptfs mount when: | ||
| 569 | * 1) The lower mount is ro | ||
| 570 | * 2) The ecryptfs_encrypted_view mount option is specified | ||
| 571 | */ | ||
| 572 | if (path.dentry->d_sb->s_flags & MS_RDONLY || | ||
| 573 | mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) | ||
| 574 | s->s_flags |= MS_RDONLY; | ||
| 565 | 575 | ||
| 566 | s->s_maxbytes = path.dentry->d_sb->s_maxbytes; | 576 | s->s_maxbytes = path.dentry->d_sb->s_maxbytes; |
| 567 | s->s_blocksize = path.dentry->d_sb->s_blocksize; | 577 | s->s_blocksize = path.dentry->d_sb->s_blocksize; |