diff options
author | Jakob Unterwurzacher | 2017-10-31 19:44:54 +0100 |
---|---|---|
committer | Jakob Unterwurzacher | 2017-10-31 19:48:01 +0100 |
commit | a1a98abfbb1fe3bd235ca1a7e275f84d41afa417 (patch) | |
tree | 21c0f80984b5fd68eacd9b20adad84dc5e2d52c8 | |
parent | 34547a6c390bfadf2342df1676f6e5ddfa4876af (diff) |
main: disallow recursively encrypting ourselves
From https://github.com/rfjakob/gocryptfs/issues/150:
mkdir a
mkdir a/b
gocryptsfs -init -reverse a/
gocryptfs -reverse a/ a/b
Now directory a/b/ contains encrypted view of 'a' but it
is possible to descend into encrypted version of b (e.g.
a/b/43873uhj538765387/) which contains double encrypted
'a' and so on.
Reported-by: https://github.com/tigmac
-rw-r--r-- | mount.go | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -47,6 +47,13 @@ func doMount(args *argContainer) int { args.mountpoint, args.cipherdir) os.Exit(exitcodes.MountPoint) } + // Reverse-mounting "/foo" at "/foo/mnt" means we would be recursively + // encrypting ourselves. + if strings.HasPrefix(args.mountpoint, args.cipherdir+"/") { + tlog.Fatal.Printf("Mountpoint %q is contained in cipherdir %q, this is not supported", + args.mountpoint, args.cipherdir) + os.Exit(exitcodes.MountPoint) + } if args.nonempty { err = checkDir(args.mountpoint) } else { |