diff options
author | Jakob Unterwurzacher | 2019-01-08 21:50:10 +0100 |
---|---|---|
committer | Jakob Unterwurzacher | 2019-01-08 21:50:10 +0100 |
commit | b22cc03c7516b2003880db8375d26c76d6dff093 (patch) | |
tree | 69e3932784ece5228aa046984d73713d0a803022 /internal/cryptocore/cryptocore.go | |
parent | 4170ef00f32b3943a75f1c85c2b21dbe27ba30cd (diff) |
fusefrontend: -allow_other: set file mode *after* chown in Create()
Reported by @slackner at https://github.com/rfjakob/gocryptfs/issues/327 :
Possible race-conditions between file creation and Fchownat
* Assume a system contains a gocryptfs mount as root user
with -allow_other
* As a regular user create a new file with mode containing
the SUID flag and write access for other users
* Before gocryptfs executes the Fchownat call, try to open
the file again, write some exploit code to it, and try to run it.
For a short time, the file is owned by root and has the SUID flag, so
this is pretty dangerous.
Diffstat (limited to 'internal/cryptocore/cryptocore.go')
0 files changed, 0 insertions, 0 deletions