HomeFreeBSD
Diffusion FreeBSD src repository 7b30ee6bafe9

Project dnode should be protected by local MAC
7b30ee6bafe9
Actions

Description

Project dnode should be protected by local MAC

This patch corrects a small security issue with 9c5167d1. When the
project dnode was added to the objset_phys_t, it was not included
in the local MAC for cryptographic protection, allowing an attacker
to modify this data without the consent of the key holder. This
patch does represent an on-disk format change for anyone using
project dnodes on an encrypted dataset.

Signed-off-by: Tom Caputi <tcaputi@datto.com>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #7177

Details

Provenance
Tom Caputi <tcaputi@datto.com>Authored on Feb 20 2018, 5:41 PM
Brian Behlendorf <behlendorf1@llnl.gov>Committed on Feb 20 2018, 5:41 PM
Parents
rGe921f6508b21: Fix config issues: frame size and headers
Branches
Unknown
Tags
Unknown

Event Timeline

Brian Behlendorf <behlendorf1@llnl.gov> committed rG7b30ee6bafe9: Project dnode should be protected by local MAC (authored by Tom Caputi <tcaputi@datto.com>).Feb 20 2018, 5:41 PM

Changes (1)

PathSize
module/
zfs/

rG7b30ee6bafe9

View Options

module/zfs/zio_crypt.c

Loading...