diff options
| author | Jakob Unterwurzacher | 2016-11-28 22:46:04 +0100 |
|---|---|---|
| committer | Jakob Unterwurzacher | 2016-11-28 22:46:04 +0100 |
| commit | a66440c66816c919acfaa4cd079fe2fae7043294 (patch) | |
| tree | a59e9fbb412fecc5548e546548ea72035847adbb | |
| parent | 7fc93ec0937d925941107a0d05341b6da8540d05 (diff) | |
fusefrontend: use Lchown when preserving owner
This prevents (unlikely) symlink race attacks
| -rw-r--r-- | internal/fusefrontend/fs.go | 2 | ||||
| -rw-r--r-- | internal/fusefrontend/fs_dir.go | 13 |
2 files changed, 7 insertions, 8 deletions
diff --git a/internal/fusefrontend/fs.go b/internal/fusefrontend/fs.go index f41e9a7..261d690 100644 --- a/internal/fusefrontend/fs.go +++ b/internal/fusefrontend/fs.go @@ -157,7 +157,7 @@ func (fs *FS) Create(path string, flags uint32, mode uint32, context *fuse.Conte if fs.args.PreserveOwner { err = fd.Chown(int(context.Owner.Uid), int(context.Owner.Gid)) if err != nil { - tlog.Warn.Printf("Create: Chown failed: %v", err) + tlog.Warn.Printf("Create: fd.Chown failed: %v", err) } } return NewFile(fd, writeOnly, fs) diff --git a/internal/fusefrontend/fs_dir.go b/internal/fusefrontend/fs_dir.go index 6b581b1..05cea75 100644 --- a/internal/fusefrontend/fs_dir.go +++ b/internal/fusefrontend/fs_dir.go @@ -54,9 +54,9 @@ func (fs *FS) Mkdir(newPath string, mode uint32, context *fuse.Context) (code fu err = os.Mkdir(cPath, os.FileMode(mode)) // Set owner if fs.args.PreserveOwner { - err = os.Chown(cPath, int(context.Owner.Uid), int(context.Owner.Gid)) + err = os.Lchown(cPath, int(context.Owner.Uid), int(context.Owner.Gid)) if err != nil { - tlog.Warn.Printf("Mkdir: Chown failed: %v", err) + tlog.Warn.Printf("Mkdir: Lchown failed: %v", err) } } return fuse.ToStatus(err) @@ -94,7 +94,6 @@ func (fs *FS) Mkdir(newPath string, mode uint32, context *fuse.Context) (code fu return fuse.ToStatus(err) } } - // Set permissions back to what the user wanted if origMode != mode { err = os.Chmod(cPath, os.FileMode(origMode)) @@ -104,13 +103,13 @@ func (fs *FS) Mkdir(newPath string, mode uint32, context *fuse.Context) (code fu } // Set owner if fs.args.PreserveOwner { - err = os.Chown(cPath, int(context.Owner.Uid), int(context.Owner.Gid)) + err = os.Lchown(cPath, int(context.Owner.Uid), int(context.Owner.Gid)) if err != nil { - tlog.Warn.Printf("Mkdir: Chown failed: %v", err) + tlog.Warn.Printf("Mkdir: Lchown 1 failed: %v", err) } - err = os.Chown(filepath.Join(cPath, nametransform.DirIVFilename), int(context.Owner.Uid), int(context.Owner.Gid)) + err = os.Lchown(filepath.Join(cPath, nametransform.DirIVFilename), int(context.Owner.Uid), int(context.Owner.Gid)) if err != nil { - tlog.Warn.Printf("Mkdir: Chown failed: %v", err) + tlog.Warn.Printf("Mkdir: Lchown 2 failed: %v", err) } } return fuse.OK |