From 43b113fea2d427e17e7663494fc70c4e93e83d5e Mon Sep 17 00:00:00 2001 From: Richard Weinberger Date: Wed, 21 Sep 2016 12:21:29 +0200 Subject: [PATCH] ubifs: Massage ubifs_listxattr() for encryption context We have to make sure that we don't expose our internal crypto context to userspace. Signed-off-by: Richard Weinberger --- fs/ubifs/xattr.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/fs/ubifs/xattr.c b/fs/ubifs/xattr.c index 95a16028bbdb..77ffc9788f45 100644 --- a/fs/ubifs/xattr.c +++ b/fs/ubifs/xattr.c @@ -397,6 +397,20 @@ out_unlock: return err; } +static bool xattr_visible(const char *name) +{ + /* File encryption related xattrs are for internal use only */ + if (strcmp(name, UBIFS_XATTR_NAME_ENCRYPTION_CONTEXT) == 0) + return false; + + /* Show trusted namespace only for "power" users */ + if (strncmp(name, XATTR_TRUSTED_PREFIX, + XATTR_TRUSTED_PREFIX_LEN) == 0 && !capable(CAP_SYS_ADMIN)) + return false; + + return true; +} + ssize_t ubifs_listxattr(struct dentry *dentry, char *buffer, size_t size) { union ubifs_key key; @@ -432,10 +446,7 @@ ssize_t ubifs_listxattr(struct dentry *dentry, char *buffer, size_t size) nm.name = xent->name; nm.len = le16_to_cpu(xent->nlen); - /* Show trusted namespace only for "power" users */ - if (strncmp(xent->name, XATTR_TRUSTED_PREFIX, - XATTR_TRUSTED_PREFIX_LEN) || - capable(CAP_SYS_ADMIN)) { + if (xattr_visible(xent->name)) { memcpy(buffer + written, nm.name, nm.len + 1); written += nm.len + 1; } -- 2.20.1