diff options
author | Tyler Hicks <tyhicks@canonical.com> | 2014-10-07 16:51:55 -0400 |
---|---|---|
committer | Tyler Hicks <tyhicks@canonical.com> | 2014-10-23 09:11:03 -0400 |
commit | 332b122d39c9cbff8b799007a825d94b2e7c12f2 (patch) | |
tree | 3676cdebea8bffb909942ee4e5adb1b7ced2fc0f /fs | |
parent | c3351dfabf5c78fb5ddc79d0f7b65ebd9e441337 (diff) |
eCryptfs: Force RO mount when encrypted view is enabled
The ecryptfs_encrypted_view mount option greatly changes the
functionality of an eCryptfs mount. Instead of encrypting and decrypting
lower files, it provides a unified view of the encrypted files in the
lower filesystem. The presence of the ecryptfs_encrypted_view mount
option is intended to force a read-only mount and modifying files is not
supported when the feature is in use. See the following commit for more
information:
e77a56d [PATCH] eCryptfs: Encrypted passthrough
This patch forces the mount to be read-only when the
ecryptfs_encrypted_view mount option is specified by setting the
MS_RDONLY flag on the superblock. Additionally, this patch removes some
broken logic in ecryptfs_open() that attempted to prevent modifications
of files when the encrypted view feature was in use. The check in
ecryptfs_open() was not sufficient to prevent file modifications using
system calls that do not operate on a file descriptor.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reported-by: Priya Bansal <p.bansal@samsung.com>
Cc: stable@vger.kernel.org # v2.6.21+: e77a56d [PATCH] eCryptfs: Encrypted passthrough
Diffstat (limited to 'fs')
-rw-r--r-- | fs/ecryptfs/file.c | 12 | ||||
-rw-r--r-- | fs/ecryptfs/main.c | 16 |
2 files changed, 13 insertions, 15 deletions
diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c index f5bce9096555..54742f9a67a8 100644 --- a/fs/ecryptfs/file.c +++ b/fs/ecryptfs/file.c | |||
@@ -190,23 +190,11 @@ static int ecryptfs_open(struct inode *inode, struct file *file) | |||
190 | { | 190 | { |
191 | int rc = 0; | 191 | int rc = 0; |
192 | struct ecryptfs_crypt_stat *crypt_stat = NULL; | 192 | struct ecryptfs_crypt_stat *crypt_stat = NULL; |
193 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat; | ||
194 | struct dentry *ecryptfs_dentry = file->f_path.dentry; | 193 | struct dentry *ecryptfs_dentry = file->f_path.dentry; |
195 | /* Private value of ecryptfs_dentry allocated in | 194 | /* Private value of ecryptfs_dentry allocated in |
196 | * ecryptfs_lookup() */ | 195 | * ecryptfs_lookup() */ |
197 | struct ecryptfs_file_info *file_info; | 196 | struct ecryptfs_file_info *file_info; |
198 | 197 | ||
199 | mount_crypt_stat = &ecryptfs_superblock_to_private( | ||
200 | ecryptfs_dentry->d_sb)->mount_crypt_stat; | ||
201 | if ((mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) | ||
202 | && ((file->f_flags & O_WRONLY) || (file->f_flags & O_RDWR) | ||
203 | || (file->f_flags & O_CREAT) || (file->f_flags & O_TRUNC) | ||
204 | || (file->f_flags & O_APPEND))) { | ||
205 | printk(KERN_WARNING "Mount has encrypted view enabled; " | ||
206 | "files may only be read\n"); | ||
207 | rc = -EPERM; | ||
208 | goto out; | ||
209 | } | ||
210 | /* Released in ecryptfs_release or end of function if failure */ | 198 | /* Released in ecryptfs_release or end of function if failure */ |
211 | file_info = kmem_cache_zalloc(ecryptfs_file_info_cache, GFP_KERNEL); | 199 | file_info = kmem_cache_zalloc(ecryptfs_file_info_cache, GFP_KERNEL); |
212 | ecryptfs_set_file_private(file, file_info); | 200 | ecryptfs_set_file_private(file, file_info); |
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c index 1b119d3bf924..34eb8433d93f 100644 --- a/fs/ecryptfs/main.c +++ b/fs/ecryptfs/main.c | |||
@@ -493,6 +493,7 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags | |||
493 | { | 493 | { |
494 | struct super_block *s; | 494 | struct super_block *s; |
495 | struct ecryptfs_sb_info *sbi; | 495 | struct ecryptfs_sb_info *sbi; |
496 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat; | ||
496 | struct ecryptfs_dentry_info *root_info; | 497 | struct ecryptfs_dentry_info *root_info; |
497 | const char *err = "Getting sb failed"; | 498 | const char *err = "Getting sb failed"; |
498 | struct inode *inode; | 499 | struct inode *inode; |
@@ -511,6 +512,7 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags | |||
511 | err = "Error parsing options"; | 512 | err = "Error parsing options"; |
512 | goto out; | 513 | goto out; |
513 | } | 514 | } |
515 | mount_crypt_stat = &sbi->mount_crypt_stat; | ||
514 | 516 | ||
515 | s = sget(fs_type, NULL, set_anon_super, flags, NULL); | 517 | s = sget(fs_type, NULL, set_anon_super, flags, NULL); |
516 | if (IS_ERR(s)) { | 518 | if (IS_ERR(s)) { |
@@ -557,11 +559,19 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags | |||
557 | 559 | ||
558 | /** | 560 | /** |
559 | * Set the POSIX ACL flag based on whether they're enabled in the lower | 561 | * Set the POSIX ACL flag based on whether they're enabled in the lower |
560 | * mount. Force a read-only eCryptfs mount if the lower mount is ro. | 562 | * mount. |
561 | * Allow a ro eCryptfs mount even when the lower mount is rw. | ||
562 | */ | 563 | */ |
563 | s->s_flags = flags & ~MS_POSIXACL; | 564 | s->s_flags = flags & ~MS_POSIXACL; |
564 | s->s_flags |= path.dentry->d_sb->s_flags & (MS_RDONLY | MS_POSIXACL); | 565 | s->s_flags |= path.dentry->d_sb->s_flags & MS_POSIXACL; |
566 | |||
567 | /** | ||
568 | * Force a read-only eCryptfs mount when: | ||
569 | * 1) The lower mount is ro | ||
570 | * 2) The ecryptfs_encrypted_view mount option is specified | ||
571 | */ | ||
572 | if (path.dentry->d_sb->s_flags & MS_RDONLY || | ||
573 | mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) | ||
574 | s->s_flags |= MS_RDONLY; | ||
565 | 575 | ||
566 | s->s_maxbytes = path.dentry->d_sb->s_maxbytes; | 576 | s->s_maxbytes = path.dentry->d_sb->s_maxbytes; |
567 | s->s_blocksize = path.dentry->d_sb->s_blocksize; | 577 | s->s_blocksize = path.dentry->d_sb->s_blocksize; |