Commit c1b5e3f8 authored by Tyler Hicks's avatar Tyler Hicks Committed by Jiri Slaby

eCryptfs: Force RO mount when encrypted view is enabled

commit 332b122d upstream.

The ecryptfs_encrypted_view mount option greatly changes the
functionality of an eCryptfs mount. Instead of encrypting and decrypting
lower files, it provides a unified view of the encrypted files in the
lower filesystem. The presence of the ecryptfs_encrypted_view mount
option is intended to force a read-only mount and modifying files is not
supported when the feature is in use. See the following commit for more
information:

  e77a56dd [PATCH] eCryptfs: Encrypted passthrough

This patch forces the mount to be read-only when the
ecryptfs_encrypted_view mount option is specified by setting the
MS_RDONLY flag on the superblock. Additionally, this patch removes some
broken logic in ecryptfs_open() that attempted to prevent modifications
of files when the encrypted view feature was in use. The check in
ecryptfs_open() was not sufficient to prevent file modifications using
system calls that do not operate on a file descriptor.
Signed-off-by: default avatarTyler Hicks <tyhicks@canonical.com>
Reported-by: default avatarPriya Bansal <p.bansal@samsung.com>
Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
parent 2bf2e3b9
...@@ -191,23 +191,11 @@ static int ecryptfs_open(struct inode *inode, struct file *file) ...@@ -191,23 +191,11 @@ static int ecryptfs_open(struct inode *inode, struct file *file)
{ {
int rc = 0; int rc = 0;
struct ecryptfs_crypt_stat *crypt_stat = NULL; struct ecryptfs_crypt_stat *crypt_stat = NULL;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
struct dentry *ecryptfs_dentry = file->f_path.dentry; struct dentry *ecryptfs_dentry = file->f_path.dentry;
/* Private value of ecryptfs_dentry allocated in /* Private value of ecryptfs_dentry allocated in
* ecryptfs_lookup() */ * ecryptfs_lookup() */
struct ecryptfs_file_info *file_info; struct ecryptfs_file_info *file_info;
mount_crypt_stat = &ecryptfs_superblock_to_private(
ecryptfs_dentry->d_sb)->mount_crypt_stat;
if ((mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)
&& ((file->f_flags & O_WRONLY) || (file->f_flags & O_RDWR)
|| (file->f_flags & O_CREAT) || (file->f_flags & O_TRUNC)
|| (file->f_flags & O_APPEND))) {
printk(KERN_WARNING "Mount has encrypted view enabled; "
"files may only be read\n");
rc = -EPERM;
goto out;
}
/* Released in ecryptfs_release or end of function if failure */ /* Released in ecryptfs_release or end of function if failure */
file_info = kmem_cache_zalloc(ecryptfs_file_info_cache, GFP_KERNEL); file_info = kmem_cache_zalloc(ecryptfs_file_info_cache, GFP_KERNEL);
ecryptfs_set_file_private(file, file_info); ecryptfs_set_file_private(file, file_info);
......
...@@ -493,6 +493,7 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags ...@@ -493,6 +493,7 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags
{ {
struct super_block *s; struct super_block *s;
struct ecryptfs_sb_info *sbi; struct ecryptfs_sb_info *sbi;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
struct ecryptfs_dentry_info *root_info; struct ecryptfs_dentry_info *root_info;
const char *err = "Getting sb failed"; const char *err = "Getting sb failed";
struct inode *inode; struct inode *inode;
...@@ -511,6 +512,7 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags ...@@ -511,6 +512,7 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags
err = "Error parsing options"; err = "Error parsing options";
goto out; goto out;
} }
mount_crypt_stat = &sbi->mount_crypt_stat;
s = sget(fs_type, NULL, set_anon_super, flags, NULL); s = sget(fs_type, NULL, set_anon_super, flags, NULL);
if (IS_ERR(s)) { if (IS_ERR(s)) {
...@@ -557,11 +559,19 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags ...@@ -557,11 +559,19 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags
/** /**
* Set the POSIX ACL flag based on whether they're enabled in the lower * Set the POSIX ACL flag based on whether they're enabled in the lower
* mount. Force a read-only eCryptfs mount if the lower mount is ro. * mount.
* Allow a ro eCryptfs mount even when the lower mount is rw.
*/ */
s->s_flags = flags & ~MS_POSIXACL; s->s_flags = flags & ~MS_POSIXACL;
s->s_flags |= path.dentry->d_sb->s_flags & (MS_RDONLY | MS_POSIXACL); s->s_flags |= path.dentry->d_sb->s_flags & MS_POSIXACL;
/**
* Force a read-only eCryptfs mount when:
* 1) The lower mount is ro
* 2) The ecryptfs_encrypted_view mount option is specified
*/
if (path.dentry->d_sb->s_flags & MS_RDONLY ||
mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)
s->s_flags |= MS_RDONLY;
s->s_maxbytes = path.dentry->d_sb->s_maxbytes; s->s_maxbytes = path.dentry->d_sb->s_maxbytes;
s->s_blocksize = path.dentry->d_sb->s_blocksize; s->s_blocksize = path.dentry->d_sb->s_blocksize;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment