mirror of https://github.com/torvalds/linux.git
84814d642a
eCryptfs has file encryption keys (FEK), file encryption key encryption keys (FEKEK), and filename encryption keys (FNEK). The per-file FEK is encrypted with one or more FEKEKs and stored in the header of the encrypted file. I noticed that the FEK is also being encrypted by the FNEK. This is a problem if a user wants to use a different FNEK than their FEKEK, as their file contents will still be accessible with the FNEK. This is a minimalistic patch which prevents the FNEKs signatures from being copied to the inode signatures list. Ultimately, it keeps the FEK from being encrypted with a FNEK. Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com> Cc: Serge Hallyn <serue@us.ibm.com> Acked-by: Dustin Kirkland <kirkland@canonical.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|---|---|---|
| .. | ||
| Kconfig | ||
| Makefile | ||
| crypto.c | ||
| debug.c | ||
| dentry.c | ||
| ecryptfs_kernel.h | ||
| file.c | ||
| inode.c | ||
| keystore.c | ||
| kthread.c | ||
| main.c | ||
| messaging.c | ||
| miscdev.c | ||
| mmap.c | ||
| read_write.c | ||
| super.c | ||