lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed,  1 Apr 2020 13:32:36 -0700
From:   Eric Biggers <ebiggers@...nel.org>
To:     linux-ext4@...r.kernel.org
Cc:     linux-fscrypt@...r.kernel.org
Subject: [PATCH 1/4] tune2fs: prevent changing UUID of fs with stable_inodes feature

From: Eric Biggers <ebiggers@...gle.com>

The stable_inodes feature is intended to indicate that it's safe to use
IV_INO_LBLK_64 encryption policies, where the encryption depends on the
inode numbers and thus filesystem shrinking is not allowed.  However
since inode numbers are not unique across filesystems, the encryption
also depends on the filesystem UUID, and I missed that there is a
supported way to change the filesystem UUID (tune2fs -U).

So, make 'tune2fs -U' report an error if stable_inodes is set.

We could add a separate stable_uuid feature flag, but it seems unlikely
it would be useful enough on its own to warrant another flag.

Signed-off-by: Eric Biggers <ebiggers@...gle.com>
---
 misc/tune2fs.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/misc/tune2fs.c b/misc/tune2fs.c
index 314cc0d0..ca06c98b 100644
--- a/misc/tune2fs.c
+++ b/misc/tune2fs.c
@@ -3236,6 +3236,13 @@ _("Warning: The journal is dirty. You may wish to replay the journal like:\n\n"
 		char buf[SUPERBLOCK_SIZE] __attribute__ ((aligned(8)));
 		__u8 old_uuid[UUID_SIZE];
 
+		if (ext2fs_has_feature_stable_inodes(fs->super)) {
+			fputs(_("Cannot change the UUID of this filesystem "
+				"because it has the stable_inodes feature "
+				"flag.\n"), stderr);
+			exit(1);
+		}
+
 		if (!ext2fs_has_feature_csum_seed(fs->super) &&
 		    (ext2fs_has_feature_metadata_csum(fs->super) ||
 		     ext2fs_has_feature_ea_inode(fs->super))) {
-- 
2.26.0.rc2.310.g2932bb562d-goog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ