Re: [RFC][PATCH] ecryptfs: Allow only one instance per lower path

From: Tyler Hicks
Date: Tue Aug 04 2015 - 10:52:41 EST


On 2015-08-04 07:46:50, Richard Weinberger wrote:
> Tyler,
>
> Am 04.08.2015 um 01:07 schrieb Tyler Hicks:
> >> Okay, then I'd argument to give my patch a try although it is not the solution
> >> to the problem I've reported. :-)
> >> If you don't mind I'll resend with a proper changelog.
> >
> > That patch isn't correct since it assumes that all eCryptfs super blocks
> > are equal if the lower paths (and, ultimately, the lower inode) are
> > equal. However, the lower path is only one of many properties of an
> > eCryptfs superblock. For example, the second mount may have been
> > configured to use a different file encryption key.
>
> How would this work if I mount /foo using AES to /mnt_a
> and /foo again using 3DES to /mnt_b?
> Wouldn't both ecrytpfs instances kill each other's files?

No, they shouldn't. Each file contains metadata that describes the
cipher, cipher mode, key signature, etc., that was used to encrypt the
file.

When the file is initially opened, the process must have the correct key
in the keyrings that it has access to. After that requirement has been
met, eCryptfs is smart enough to parse the metadata and use the correct
cipher and mode.

The mount options, such as ecryptfs_cipher, only specify what should be
used when creating new files.

Tyler

Attachment: signature.asc
Description: Digital signature