Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

eCryptfs: allow userspace messaging to be disabled

When the userspace messaging (for the less common case of userspace key
wrap/unwrap via ecryptfsd) is not needed, allow eCryptfs to build with
it removed. This saves on kernel code size and reduces potential attack
surface by removing the /dev/ecryptfs node.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>

authored by

Kees Cook and committed by
Tyler Hicks
290502be 1111eae9

+55 -16
+8
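--- a/fs/ecryptfs/Kconfig
+++ b/fs/ecryptfs/Kconfig
@@ -12,3 +12,11 @@
 
 To compile this file system support as a module, choose M here: the
 module will be called ecryptfs.
+
+config ECRYPT_FS_MESSAGING
+bool "Enable notifications for userspace key wrap/unwrap"
+depends on ECRYPT_FS
+help
+Enables the /dev/ecryptfs entry for use by ecryptfsd. This allows
+for userspace to wrap/unwrap file encryption keys by other
+backends, like OpenSSL.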
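Review bot: The help text for ECRYPT_FS_MESSAGING says what enabling it provides but not what stops working when it is left off, and the entry carries no `default` line, so as a bool it is off unless someone selects it. Going by the header changes in this same commit, a build without it drops ECRYPTFS_VERSIONING_PUBKEY and ECRYPTFS_VERSIONING_DEVMISC from the advertised mask and makes ecryptfs_send_message() return -ENOTCONN, so keys that are wrapped through ecryptfsd presumably can no longer be used. I would add a closing sentence to the help text such as `If disabled, /dev/ecryptfs is not created and keys wrapped by ecryptfsd cannot be used. If unsure, say N.` so the trade-off is visible at configuration time.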
+5 -2
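--- a/fs/ecryptfs/Makefile
+++ b/fs/ecryptfs/Makefile
@@ -1,7 +1,10 @@
 #
-# Makefile for the Linux 2.6 eCryptfs
+# Makefile for the Linux eCryptfs
 #
 
 obj-$(CONFIG_ECRYPT_FS) += ecryptfs.o
 
-ecryptfs-objs := dentry.o file.o inode.o main.o super.o mmap.o read_write.o crypto.o keystore.o messaging.o miscdev.o kthread.o debug.o
+ecryptfs-y := dentry.o file.o inode.o main.o super.o mmap.o read_write.o \
+crypto.o keystore.o kthread.o debug.o
+
+ecryptfs-$(CONFIG_ECRYPT_FS_MESSAGING) += messaging.o miscdev.o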
+38 -2
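--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -172,6 +172,19 @@
 #define ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE 24
 #define ECRYPTFS_ENCRYPTED_DENTRY_NAME_LEN (18 + 1 + 4 + 1 + 32)
 
+#ifdef CONFIG_ECRYPT_FS_MESSAGING
+# define ECRYPTFS_VERSIONING_MASK_MESSAGING (ECRYPTFS_VERSIONING_DEVMISC \
+| ECRYPTFS_VERSIONING_PUBKEY)
+#else
+# define ECRYPTFS_VERSIONING_MASK_MESSAGING 0
+#endif
+
+#define ECRYPTFS_VERSIONING_MASK (ECRYPTFS_VERSIONING_PASSPHRASE \
+| ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH \
+| ECRYPTFS_VERSIONING_XATTR \
+| ECRYPTFS_VERSIONING_MULTKEY \
+| ECRYPTFS_VERSIONING_MASK_MESSAGING \
+| ECRYPTFS_VERSIONING_FILENAME_ENCRYPTION)
 struct ecryptfs_key_sig {
 struct list_head crypt_stat_list;
 char keysig[ECRYPTFS_SIG_SIZE_HEX + 1];
@@ -399,7 +412,9 @@
 struct hlist_node euid_chain;
 };
 
+#ifdef CONFIG_ECRYPT_FS_MESSAGING
 extern struct mutex ecryptfs_daemon_hash_mux;
+#endif
 
 static inline size_t
 ecryptfs_lower_header_size(struct ecryptfs_crypt_stat *crypt_stat)
@@ -604,6 +619,7 @@
 ecryptfs_setxattr(struct dentry *dentry, const char *name, const void *value,
 size_t size, int flags);
 int ecryptfs_read_xattr_region(char *page_virt, struct inode *ecryptfs_inode);
+#ifdef CONFIG_ECRYPT_FS_MESSAGING
 int ecryptfs_process_response(struct ecryptfs_daemon *daemon,
 struct ecryptfs_message *msg, u32 seq);
 int ecryptfs_send_message(char *data, int data_len,
@@ -612,6 +628,24 @@
 struct ecryptfs_message **emsg);
 int ecryptfs_init_messaging(void);
 void ecryptfs_release_messaging(void);
+#else
+static inline int ecryptfs_init_messaging(void)
+{
+return 0;
+}
+static inline void ecryptfs_release_messaging(void)
+{ }
+static inline int ecryptfs_send_message(char *data, int data_len,
+struct ecryptfs_msg_ctx **msg_ctx)
+{
+return -ENOTCONN;
+}
+static inline int ecryptfs_wait_for_response(struct ecryptfs_msg_ctx *msg_ctx,
+struct ecryptfs_message **emsg)
+{
+return -ENOMSG;
+}
+#endif
 
 void
 ecryptfs_write_header_metadata(char *virt,
@@ -649,12 +683,11 @@
 size_t offset_in_page, size_t size,
 struct inode *ecryptfs_inode);
 struct page *ecryptfs_get_locked_page(struct inode *inode, loff_t index);
-int ecryptfs_exorcise_daemon(struct ecryptfs_daemon *daemon);
-int ecryptfs_find_daemon_by_euid(struct ecryptfs_daemon **daemon);
 int ecryptfs_parse_packet_length(unsigned char *data, size_t *size,
 size_t *length_size);
 int ecryptfs_write_packet_length(char *dest, size_t size,
 size_t *packet_size_length);
+#ifdef CONFIG_ECRYPT_FS_MESSAGING
 int ecryptfs_init_ecryptfs_miscdev(void);
 void ecryptfs_destroy_ecryptfs_miscdev(void);
 int ecryptfs_send_miscdev(char *data, size_t data_size,
@@ -663,6 +696,9 @@
 void ecryptfs_msg_ctx_alloc_to_free(struct ecryptfs_msg_ctx *msg_ctx);
 int
 ecryptfs_spawn_daemon(struct ecryptfs_daemon **daemon, struct file *file);
+int ecryptfs_exorcise_daemon(struct ecryptfs_daemon *daemon);
+int ecryptfs_find_daemon_by_euid(struct ecryptfs_daemon **daemon);
+#endif
 int ecryptfs_init_kthread(void);
 void ecryptfs_destroy_kthread(void);
 int ecryptfs_privileged_open(struct file **lower_file,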
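Review bot: The `#else` stubs for ecryptfs_send_message() and ecryptfs_wait_for_response() return two different errnos (-ENOTCONN and -ENOMSG) with no comment, yet in a build without CONFIG_ECRYPT_FS_MESSAGING they are the point where every daemon-backed key operation is refused. A short comment above them would make that contract explicit, for example `/* Messaging compiled out: there is no ecryptfsd transport, so userspace key wrap/unwrap requests fail with -ENOTCONN. */`. The send stub also never writes `*msg_ctx`, so callers must not touch it after a non-zero return; the two call sites shown in keystore.c do jump to `out` on error, but the cleanup code at that label is outside what is visible. The miscdev and daemon prototypes moved under `#ifdef` in the last two hunks get no stubs, which is fine only if all their callers live in messaging.o or miscdev.o; that cannot be confirmed from this page.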
+2 -2
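--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -1168,7 +1168,7 @@
 rc = ecryptfs_send_message(payload, payload_len, &msg_ctx);
 if (rc) {
 ecryptfs_printk(KERN_ERR, "Error sending message to "
-"ecryptfsd\n");
+"ecryptfsd: %d\n", rc);
 goto out;
 }
 rc = ecryptfs_wait_for_response(msg_ctx, &msg);
@@ -1988,7 +1988,7 @@
 rc = ecryptfs_send_message(payload, payload_len, &msg_ctx);
 if (rc) {
 ecryptfs_printk(KERN_ERR, "Error sending message to "
-"ecryptfsd\n");
+"ecryptfsd: %d\n", rc);
 goto out;
 }
 rc = ecryptfs_wait_for_response(msg_ctx, &msg);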
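Review bot: Both KERN_ERR messages still blame ecryptfsd, but with CONFIG_ECRYPT_FS_MESSAGING unset the stub in ecryptfs_kernel.h makes ecryptfs_send_message() return -ENOTCONN unconditionally, so the log points an operator at a daemon that this build cannot talk to. Printing `rc` helps, but a reader has to know that -ENOTCONN can also mean "messaging not built in"; a one-line comment at each site such as `/* -ENOTCONN also covers kernels built without CONFIG_ECRYPT_FS_MESSAGING */` would record that. If these paths can be reached repeatedly from file contents, a rate-limited print would keep the kernel log usable, though how they are reached is not visible here. Both enclosing functions begin and end outside the hunks.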
+2 -10
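--- a/include/linux/ecryptfs.h
+++ b/include/linux/ecryptfs.h
@@ -6,9 +6,8 @@
 #define ECRYPTFS_VERSION_MINOR 0x04
 #define ECRYPTFS_SUPPORTED_FILE_VERSION 0x03
 /* These flags indicate which features are supported by the kernel
-* module; userspace tools such as the mount helper read
-* ECRYPTFS_VERSIONING_MASK from a sysfs handle in order to determine
-* how to behave. */
+* module; userspace tools such as the mount helper read the feature
+* bits from a sysfs handle in order to determine how to behave. */
 #define ECRYPTFS_VERSIONING_PASSPHRASE 0x00000001
 #define ECRYPTFS_VERSIONING_PUBKEY 0x00000002
 #define ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH 0x00000004
@@ -19,13 +18,6 @@
 #define ECRYPTFS_VERSIONING_HMAC 0x00000080
 #define ECRYPTFS_VERSIONING_FILENAME_ENCRYPTION 0x00000100
 #define ECRYPTFS_VERSIONING_GCM 0x00000200
-#define ECRYPTFS_VERSIONING_MASK (ECRYPTFS_VERSIONING_PASSPHRASE \
-| ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH \
-| ECRYPTFS_VERSIONING_PUBKEY \
-| ECRYPTFS_VERSIONING_XATTR \
-| ECRYPTFS_VERSIONING_MULTKEY \
-| ECRYPTFS_VERSIONING_DEVMISC \
-| ECRYPTFS_VERSIONING_FILENAME_ENCRYPTION)
 #define ECRYPTFS_MAX_PASSWORD_LENGTH 64
 #define ECRYPTFS_MAX_PASSPHRASE_BYTES ECRYPTFS_MAX_PASSWORD_LENGTH
 #define ECRYPTFS_SALT_SIZE 8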
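Review bot: The reworded comment in the first hunk says userspace reads "the feature bits" from sysfs but no longer tells a reader which symbol defines the supported set, while the second hunk removes ECRYPTFS_VERSIONING_MASK from this shared header. The mask is now built in fs/ecryptfs/ecryptfs_kernel.h and varies with CONFIG_ECRYPT_FS_MESSAGING, so any other includer of this header that used the macro would stop building; whether such users exist is not visible on this page. I would extend the comment with `The supported set (ECRYPTFS_VERSIONING_MASK) is defined in fs/ecryptfs/ecryptfs_kernel.h and omits PUBKEY and DEVMISC when CONFIG_ECRYPT_FS_MESSAGING is off.` so that the individual flag values here are not mistaken for what a given kernel supports.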