mirror of https://gitee.com/openkylin/linux.git
84814d642a
eCryptfs has file encryption keys (FEK), file encryption key encryption keys (FEKEK), and filename encryption keys (FNEK). The per-file FEK is encrypted with one or more FEKEKs and stored in the header of the encrypted file. I noticed that the FEK is also being encrypted by the FNEK. This is a problem if a user wants to use a different FNEK than their FEKEK, as their file contents will still be accessible with the FNEK. This is a minimalistic patch which prevents the FNEKs signatures from being copied to the inode signatures list. Ultimately, it keeps the FEK from being encrypted with a FNEK. Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com> Cc: Serge Hallyn <serue@us.ibm.com> Acked-by: Dustin Kirkland <kirkland@canonical.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
---|---|---|
.. | ||
Kconfig | ||
Makefile | ||
crypto.c | ||
debug.c | ||
dentry.c | ||
ecryptfs_kernel.h | ||
file.c | ||
inode.c | ||
keystore.c | ||
kthread.c | ||
main.c | ||
messaging.c | ||
miscdev.c | ||
mmap.c | ||
read_write.c | ||
super.c |