diff options
| author | Jakob Unterwurzacher | 2018-09-08 19:27:33 +0200 |
|---|---|---|
| committer | Jakob Unterwurzacher | 2018-09-08 19:27:33 +0200 |
| commit | e8d8ae54d3b852d1d35b6db81d4a0beb57fbdce1 (patch) | |
| tree | 15a537806a1d39fbb6778daf11017d2ba73b481a /internal/fusefrontend/names.go | |
| parent | 84d6fafeca8f1d7b1b631a56fc3dc47016c4ba31 (diff) | |
fusefrontend: use OpenDirNofollow in openBackingDir
Rename openBackingPath to openBackingDir and use OpenDirNofollow
to be safe against symlink races. Note that openBackingDir is
not used in several important code paths like Create().
But it is used in Unlink, and the performance impact in the RM benchmark
to be acceptable:
Before
$ ./benchmark.bash
Testing gocryptfs at /tmp/benchmark.bash.bYO: gocryptfs v1.6-12-g930c37e-dirty; go-fuse v20170619-49-gb11e293; 2018-09-08 go1.10.3
WRITE: 262144000 bytes (262 MB, 250 MiB) copied, 1.07979 s, 243 MB/s
READ: 262144000 bytes (262 MB, 250 MiB) copied, 0.882413 s, 297 MB/s
UNTAR: 16.703
MD5: 7.606
LS: 1.349
RM: 3.237
After
$ ./benchmark.bash
Testing gocryptfs at /tmp/benchmark.bash.jK3: gocryptfs v1.6-13-g84d6faf-dirty; go-fuse v20170619-49-gb11e293; 2018-09-08 go1.10.3
WRITE: 262144000 bytes (262 MB, 250 MiB) copied, 1.06261 s, 247 MB/s
READ: 262144000 bytes (262 MB, 250 MiB) copied, 0.947228 s, 277 MB/s
UNTAR: 17.197
MD5: 7.540
LS: 1.364
RM: 3.410
Diffstat (limited to 'internal/fusefrontend/names.go')
| -rw-r--r-- | internal/fusefrontend/names.go | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/internal/fusefrontend/names.go b/internal/fusefrontend/names.go index 9be2623..d7fbdce 100644 --- a/internal/fusefrontend/names.go +++ b/internal/fusefrontend/names.go @@ -7,6 +7,7 @@ import ( "path/filepath" "github.com/rfjakob/gocryptfs/internal/configfile" + "github.com/rfjakob/gocryptfs/internal/syscallcompat" "github.com/rfjakob/gocryptfs/internal/tlog" ) @@ -40,18 +41,21 @@ func (fs *FS) getBackingPath(relPath string) (string, error) { return cAbsPath, nil } -// openBackingPath - get the absolute encrypted path of the backing file -// and open the corresponding directory -func (fs *FS) openBackingPath(relPath string) (*os.File, string, error) { - cPath, err := fs.getBackingPath(relPath) +// openBackingDir opens the parent ciphertext directory of plaintext path +// "relPath" and returns the dirfd and the encrypted basename. +// The caller should then use Openat(dirfd, cName, ...) and friends. +// openBackingDir is secure against symlink races. +func (fs *FS) openBackingDir(relPath string) (*os.File, string, error) { + cRelPath, err := fs.encryptPath(relPath) if err != nil { return nil, "", err } - dirfd, err := os.Open(filepath.Dir(cPath)) + // Open parent dir + dirfd, err := syscallcompat.OpenDirNofollow(fs.args.Cipherdir, filepath.Dir(cRelPath)) if err != nil { return nil, "", err } - return dirfd, filepath.Base(cPath), nil + return os.NewFile(uintptr(dirfd), cRelPath), filepath.Base(cRelPath), nil } // encryptPath - encrypt relative plaintext path |