From 976f7cbc2b8a992892a45332d0621223a0c5efc2 Mon Sep 17 00:00:00 2001 From: Jack Vogel Date: Tue, 17 Oct 2017 14:06:19 -0700 Subject: [PATCH] CVE-2016-10318 missing authorization check fscrypt_process_policy MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Port to UEK4 of mainline commit id 163ae1c6ad62. On an ext4 or f2fs filesystem with file encryption supported, a user could set an encryption policy on any empty directory(*) to which they had readonly access. This is obviously problematic, since such a directory might be owned by another user and the new encryption policy would prevent that other user from creating files in their own directory (for example). Fix this by requiring inode_owner_or_capable() permission to set an encryption policy. This means that either the caller must own the file, or the caller must have the capability CAP_FOWNER. (*) Or also on any regular file, for f2fs v4.6 and later and ext4 v4.8-rc1 and later; a separate bug fix is coming for that. Orabug: 25883175 Signed-off-by: Jack Vogel Acked-by: Håkon Bugge Reviewed-by: Ethan Zhao Signed-off-by: Dhaval Giani --- fs/ext4/crypto_policy.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/ext4/crypto_policy.c b/fs/ext4/crypto_policy.c index a6d6291aea163..591fc37dcd9eb 100644 --- a/fs/ext4/crypto_policy.c +++ b/fs/ext4/crypto_policy.c @@ -85,6 +85,9 @@ static int ext4_create_encryption_context_from_policy( int ext4_process_policy(const struct ext4_encryption_policy *policy, struct inode *inode) { + if (!inode_owner_or_capable(inode)) + return -EACCES; + if (policy->version != 0) return -EINVAL; -- 2.50.1
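Review bot: The subject names fscrypt_process_policy, but the function that gains the check in this hunk is ext4_process_policy, and the message describes ext4 and f2fs while the diffstat touches only fs/ext4/crypto_policy.c. Suggest adding a line to the message saying that in this tree the check lands in ext4_process_policy, and stating whether f2fs has an equivalent set-policy path here that needs the same inode_owner_or_capable() test. Placing the check ahead of the policy->version test is the right order, since a caller without ownership or CAP_FOWNER then gets -EACCES before any of the policy argument is examined. A one-line comment above the check noting that setting a policy requires ownership or CAP_FOWNER would help future readers of this function.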