| Message ID | 1459660924-2960-12-git-send-email-ebiggers3@gmail.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c index cb5ba27..3f5c275 100644 --- a/fs/crypto/policy.c +++ b/fs/crypto/policy.c @@ -96,6 +96,9 @@ int fscrypt_set_policy(struct inode *inode, const struct fscrypt_policy *policy) { int ret = 0; + if (!inode_owner_or_capable(inode)) + return -EACCES; + if (policy->version != 0) return -EINVAL;
On a filesystem with encryption enabled, a user could set an encryption policy on any empty directory to which they have readonly access. This is a potential security issue since such a directory might be owned by another user, and the new encryption policy may prevent that user from creating files in their own directory. Fix this by requiring inode_owner_or_capable() permission to set an encryption policy. Signed-off-by: Eric Biggers <ebiggers3@gmail.com> --- fs/crypto/policy.c | 3 +++ 1 file changed, 3 insertions(+)