Commit 332b122d authored by Tyler Hicks's avatar Tyler Hicks
Browse files

eCryptfs: Force RO mount when encrypted view is enabled 



The ecryptfs_encrypted_view mount option greatly changes the
functionality of an eCryptfs mount. Instead of encrypting and decrypting
lower files, it provides a unified view of the encrypted files in the
lower filesystem. The presence of the ecryptfs_encrypted_view mount
option is intended to force a read-only mount and modifying files is not
supported when the feature is in use. See the following commit for more
information:

  e77a56dd [PATCH] eCryptfs: Encrypted passthrough

This patch forces the mount to be read-only when the
ecryptfs_encrypted_view mount option is specified by setting the
MS_RDONLY flag on the superblock. Additionally, this patch removes some
broken logic in ecryptfs_open() that attempted to prevent modifications
of files when the encrypted view feature was in use. The check in
ecryptfs_open() was not sufficient to prevent file modifications using
system calls that do not operate on a file descriptor.

Signed-off-by: default avatarTyler Hicks <tyhicks@canonical.com>
Reported-by: default avatarPriya Bansal <p.bansal@samsung.com>
Cc: stable@vger.kernel.org # v2.6.21+: e77a56dd [PATCH] eCryptfs: Encrypted passthrough
parent c3351dfa

fs/ecryptfs/file.c

+0 −12
Original line number Diff line number Diff line
@@ -190,23 +190,11 @@ static int ecryptfs_open(struct inode *inode, struct file *file) 
{

	int rc = 0;

	struct ecryptfs_crypt_stat *crypt_stat = NULL;

	struct ecryptfs_mount_crypt_stat *mount_crypt_stat;

	struct dentry *ecryptfs_dentry = file->f_path.dentry;

	/* Private value of ecryptfs_dentry allocated in

	 * ecryptfs_lookup() */

	struct ecryptfs_file_info *file_info;



	mount_crypt_stat = &ecryptfs_superblock_to_private(

		ecryptfs_dentry->d_sb)->mount_crypt_stat;

	if ((mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)

	    && ((file->f_flags & O_WRONLY) || (file->f_flags & O_RDWR)

		|| (file->f_flags & O_CREAT) || (file->f_flags & O_TRUNC)

		|| (file->f_flags & O_APPEND))) {

		printk(KERN_WARNING "Mount has encrypted view enabled; "

		       "files may only be read\n");

		rc = -EPERM;

		goto out;

	}

	/* Released in ecryptfs_release or end of function if failure */

	file_info = kmem_cache_zalloc(ecryptfs_file_info_cache, GFP_KERNEL);

	ecryptfs_set_file_private(file, file_info);

fs/ecryptfs/main.c

+13 −3
Original line number Diff line number Diff line
@@ -493,6 +493,7 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags 
{

	struct super_block *s;

	struct ecryptfs_sb_info *sbi;

	struct ecryptfs_mount_crypt_stat *mount_crypt_stat;

	struct ecryptfs_dentry_info *root_info;

	const char *err = "Getting sb failed";

	struct inode *inode;
@@ -511,6 +512,7 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags 
		err = "Error parsing options";

		goto out;

	}

	mount_crypt_stat = &sbi->mount_crypt_stat;



	s = sget(fs_type, NULL, set_anon_super, flags, NULL);

	if (IS_ERR(s)) {
@@ -557,11 +559,19 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags 


	/**

	 * Set the POSIX ACL flag based on whether they're enabled in the lower

	 * mount. Force a read-only eCryptfs mount if the lower mount is ro.

	 * Allow a ro eCryptfs mount even when the lower mount is rw.

	 * mount.

	 */

	s->s_flags = flags & ~MS_POSIXACL;

	s->s_flags |= path.dentry->d_sb->s_flags & (MS_RDONLY | MS_POSIXACL);

	s->s_flags |= path.dentry->d_sb->s_flags & MS_POSIXACL;



	/**

	 * Force a read-only eCryptfs mount when:

	 *   1) The lower mount is ro

	 *   2) The ecryptfs_encrypted_view mount option is specified

	 */

	if (path.dentry->d_sb->s_flags & MS_RDONLY ||

	    mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)

		s->s_flags |= MS_RDONLY;



	s->s_maxbytes = path.dentry->d_sb->s_maxbytes;

	s->s_blocksize = path.dentry->d_sb->s_blocksize;

CRA Git | Maintained and supported by SUSTech CRA and CCSE