From: Richard Weinberger <richard@nod.at>
To: linux-mtd@lists.infradead.org
Cc: david@sigma-star.at, tytso@mit.edu, dedekind1@gmail.com,
ebiggers@google.com, mhalcrow@google.com,
adrian.hunter@intel.com, linux-kernel@vger.kernel.org,
hch@infradead.org, linux-fsdevel@vger.kernel.org,
jaegeuk@kernel.org, dengler@linutronix.de, sbabic@denx.de,
wd@denx.de, Richard Weinberger <richard@nod.at>
Subject: [PATCH 05/24] ubifs: Massage ubifs_listxattr() for encryption context
Date: Thu, 1 Dec 2016 22:20:52 +0100 [thread overview]
Message-ID: <1480627271-10441-6-git-send-email-richard@nod.at> (raw)
In-Reply-To: <1480627271-10441-1-git-send-email-richard@nod.at>
We have to make sure that we don't expose our internal
crypto context to userspace.
Signed-off-by: Richard Weinberger <richard@nod.at>
---
fs/ubifs/xattr.c | 19 +++++++++++++++----
1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/fs/ubifs/xattr.c b/fs/ubifs/xattr.c
index 95a16028bbdb..77ffc9788f45 100644
--- a/fs/ubifs/xattr.c
+++ b/fs/ubifs/xattr.c
@@ -397,6 +397,20 @@ ssize_t ubifs_xattr_get(struct inode *host, const char *name, void *buf,
return err;
}
+static bool xattr_visible(const char *name)
+{
+ /* File encryption related xattrs are for internal use only */
+ if (strcmp(name, UBIFS_XATTR_NAME_ENCRYPTION_CONTEXT) == 0)
+ return false;
+
+ /* Show trusted namespace only for "power" users */
+ if (strncmp(name, XATTR_TRUSTED_PREFIX,
+ XATTR_TRUSTED_PREFIX_LEN) == 0 && !capable(CAP_SYS_ADMIN))
+ return false;
+
+ return true;
+}
+
ssize_t ubifs_listxattr(struct dentry *dentry, char *buffer, size_t size)
{
union ubifs_key key;
@@ -432,10 +446,7 @@ ssize_t ubifs_listxattr(struct dentry *dentry, char *buffer, size_t size)
nm.name = xent->name;
nm.len = le16_to_cpu(xent->nlen);
- /* Show trusted namespace only for "power" users */
- if (strncmp(xent->name, XATTR_TRUSTED_PREFIX,
- XATTR_TRUSTED_PREFIX_LEN) ||
- capable(CAP_SYS_ADMIN)) {
+ if (xattr_visible(xent->name)) {
memcpy(buffer + written, nm.name, nm.len + 1);
written += nm.len + 1;
}
--
2.7.3
next prev parent reply other threads:[~2016-12-01 21:27 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-01 21:20 [PATCH 00/24] UBIFS File Encryption v2 Richard Weinberger
2016-12-01 21:20 ` [PATCH 01/24] ubifs: Export ubifs_check_dir_empty() Richard Weinberger
2016-12-01 21:20 ` [PATCH 02/24] ubifs: Export xattr get and set functions Richard Weinberger
2016-12-01 21:20 ` [PATCH 03/24] ubifs: Define UBIFS crypto context xattr Richard Weinberger
2016-12-01 21:20 ` [PATCH 04/24] ubifs: Add skeleton for fscrypto Richard Weinberger
2016-12-01 21:20 ` Richard Weinberger [this message]
2016-12-01 21:20 ` [PATCH 06/24] ubifs: Implement directory open operation Richard Weinberger
2016-12-01 21:20 ` [PATCH 07/24] ubifs: Implement file " Richard Weinberger
2016-12-01 21:20 ` [PATCH 08/24] ubifs: Enforce crypto policy in ->link and ->rename Richard Weinberger
2016-12-01 21:20 ` [PATCH 09/24] ubifs: Preload crypto context in ->lookup() Richard Weinberger
2016-12-01 21:20 ` [PATCH 10/24] ubifs: Massage assert in ubifs_xattr_set() wrt. fscrypto Richard Weinberger
2016-12-01 21:20 ` [PATCH 11/24] ubifs: Enforce crypto policy in mmap Richard Weinberger
2016-12-01 21:20 ` [PATCH 12/24] ubifs: Introduce new data node field, compr_size Richard Weinberger
2016-12-01 21:21 ` [PATCH 13/24] ubifs: Constify struct inode pointer in ubifs_crypt_is_encrypted() Richard Weinberger
2016-12-01 21:21 ` [PATCH 14/24] ubifs: Implement encrypt/decrypt for all IO Richard Weinberger
2016-12-01 21:21 ` [PATCH 15/24] ubifs: Relax checks in ubifs_validate_entry() Richard Weinberger
2016-12-01 21:21 ` [PATCH 16/24] ubifs: Make r5 hash binary string aware Richard Weinberger
2016-12-01 21:21 ` [PATCH 17/24] ubifs: Implement encrypted filenames Richard Weinberger
2016-12-01 21:21 ` [PATCH 18/24] ubifs: Add support for encrypted symlinks Richard Weinberger
2016-12-01 21:21 ` [PATCH 19/24] ubifs: Rename tnc_read_node_nm Richard Weinberger
2016-12-01 21:21 ` [PATCH 20/24] ubifs: Add full hash lookup support Richard Weinberger
2016-12-01 21:21 ` [PATCH 21/24] ubifs: Use a random number for cookies Richard Weinberger
2016-12-01 21:21 ` [PATCH 22/24] ubifs: Implement UBIFS_FLG_DOUBLE_HASH Richard Weinberger
2016-12-01 21:21 ` [PATCH 23/24] ubifs: Implement UBIFS_FLG_ENCRYPTION Richard Weinberger
2016-12-01 21:21 ` [PATCH 24/24] ubifs: Raise write version to 5 Richard Weinberger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1480627271-10441-6-git-send-email-richard@nod.at \
--to=richard@nod.at \
--cc=adrian.hunter@intel.com \
--cc=david@sigma-star.at \
--cc=dedekind1@gmail.com \
--cc=dengler@linutronix.de \
--cc=ebiggers@google.com \
--cc=hch@infradead.org \
--cc=jaegeuk@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=mhalcrow@google.com \
--cc=sbabic@denx.de \
--cc=tytso@mit.edu \
--cc=wd@denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.