diff options
| author | Jakob Unterwurzacher | 2019-01-08 21:50:10 +0100 | 
|---|---|---|
| committer | Jakob Unterwurzacher | 2019-01-08 21:50:10 +0100 | 
| commit | b22cc03c7516b2003880db8375d26c76d6dff093 (patch) | |
| tree | 69e3932784ece5228aa046984d73713d0a803022 /internal/ctlsock/ctlsock_serve.go | |
| parent | 4170ef00f32b3943a75f1c85c2b21dbe27ba30cd (diff) | |
fusefrontend: -allow_other: set file mode *after* chown in Create()
Reported by @slackner at https://github.com/rfjakob/gocryptfs/issues/327 :
Possible race-conditions between file creation and Fchownat
* Assume a system contains a gocryptfs mount as root user
  with -allow_other
* As a regular user create a new file with mode containing
  the SUID flag and write access for other users
* Before gocryptfs executes the Fchownat call, try to open
  the file again, write some exploit code to it, and try to run it.
For a short time, the file is owned by root and has the SUID flag, so
this is pretty dangerous.
Diffstat (limited to 'internal/ctlsock/ctlsock_serve.go')
0 files changed, 0 insertions, 0 deletions
