syscallcompat: check that we get NOFOLLOW wherever possible

...and fix the instances where the AT_SYMLINK_NOFOLLOW / O_NOFOLLOW / O_EXCL flag was missing.
author: Jakob Unterwurzacher 2017-11-30 19:40:53 +0100
committer: Jakob Unterwurzacher 2017-11-30 19:40:53 +0100
commit: e97c23e08383666117523cf3145f1213b41c2489 (patch)
tree: 19e93878a9f87e41d4704325d4f01c44c464214b /internal/nametransform
parent: 22282aefe6f4da0257ea8f568aa4369ad15ce5f9 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/internal/nametransform/diriv.go b/internal/nametransform/diriv.go
index fe289c6..f980a04 100644
--- a/internal/nametransform/diriv.go
+++ b/internal/nametransform/diriv.go
@@ -36,7 +36,8 @@ func ReadDirIV(dir string) (iv []byte, err error) {
 // ReadDirIVAt reads "gocryptfs.diriv" from the directory that is opened as "dirfd".
 // Using the dirfd makes it immune to concurrent renames of the directory.
 func ReadDirIVAt(dirfd *os.File) (iv []byte, err error) {
-	fdRaw, err := syscallcompat.Openat(int(dirfd.Fd()), DirIVFilename, syscall.O_RDONLY, 0)
+	fdRaw, err := syscallcompat.Openat(int(dirfd.Fd()), DirIVFilename,
+		syscall.O_RDONLY|syscall.O_NOFOLLOW, 0)
 	if err != nil {
 		tlog.Warn.Printf("ReadDirIVAt: opening %q in dir %q failed: %v",
 			DirIVFilename, dirfd.Name(), err)
author	Jakob Unterwurzacher	2017-11-30 19:40:53 +0100
committer	Jakob Unterwurzacher	2017-11-30 19:40:53 +0100
commit	e97c23e08383666117523cf3145f1213b41c2489 (patch)
tree	19e93878a9f87e41d4704325d4f01c44c464214b /internal/nametransform
parent	22282aefe6f4da0257ea8f568aa4369ad15ce5f9 (diff)