diff options
author | Jakob Unterwurzacher | 2017-11-30 19:40:53 +0100 |
---|---|---|
committer | Jakob Unterwurzacher | 2017-11-30 19:40:53 +0100 |
commit | e97c23e08383666117523cf3145f1213b41c2489 (patch) | |
tree | 19e93878a9f87e41d4704325d4f01c44c464214b /internal/nametransform | |
parent | 22282aefe6f4da0257ea8f568aa4369ad15ce5f9 (diff) |
syscallcompat: check that we get NOFOLLOW wherever possible
...and fix the instances where the AT_SYMLINK_NOFOLLOW /
O_NOFOLLOW / O_EXCL flag was missing.
Diffstat (limited to 'internal/nametransform')
-rw-r--r-- | internal/nametransform/diriv.go | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/internal/nametransform/diriv.go b/internal/nametransform/diriv.go index fe289c6..f980a04 100644 --- a/internal/nametransform/diriv.go +++ b/internal/nametransform/diriv.go @@ -36,7 +36,8 @@ func ReadDirIV(dir string) (iv []byte, err error) { // ReadDirIVAt reads "gocryptfs.diriv" from the directory that is opened as "dirfd". // Using the dirfd makes it immune to concurrent renames of the directory. func ReadDirIVAt(dirfd *os.File) (iv []byte, err error) { - fdRaw, err := syscallcompat.Openat(int(dirfd.Fd()), DirIVFilename, syscall.O_RDONLY, 0) + fdRaw, err := syscallcompat.Openat(int(dirfd.Fd()), DirIVFilename, + syscall.O_RDONLY|syscall.O_NOFOLLOW, 0) if err != nil { tlog.Warn.Printf("ReadDirIVAt: opening %q in dir %q failed: %v", DirIVFilename, dirfd.Name(), err) |