diff options
| author | Sebastian Lackner | 2019-01-09 02:40:10 +0100 |
|---|---|---|
| committer | Sebastian Lackner | 2019-01-12 20:35:50 +0100 |
| commit | 669322482a9be3d62abbe0361a8cc2e10e99fc3e (patch) | |
| tree | 8aeb3307cbdcc5baa41c71b8b7293d68c0ec8d87 /internal | |
| parent | fcaca5fc94d981aa637beb752edc8cb3c2265e96 (diff) | |
fusefrontend: Don't chown gocryptfs.diriv files.
The current code has a risk of race-conditions, since we pass a path
containing "/" to Fchownat. We could fix this by opening a file descriptor,
however, this does not seem worth the effort. We also don't chown *.name files.
Diffstat (limited to 'internal')
| -rw-r--r-- | internal/fusefrontend/fs.go | 16 | ||||
| -rw-r--r-- | internal/fusefrontend/fs_dir.go | 8 |
2 files changed, 3 insertions, 21 deletions
diff --git a/internal/fusefrontend/fs.go b/internal/fusefrontend/fs.go index 7beeb4f..2cd4630 100644 --- a/internal/fusefrontend/fs.go +++ b/internal/fusefrontend/fs.go @@ -5,7 +5,6 @@ package fusefrontend import ( "os" - "path/filepath" "sync" "syscall" "time" @@ -326,19 +325,8 @@ func (fs *FS) Chown(path string, uid uint32, gid uint32, context *fuse.Context) return fuse.ToStatus(err) } defer syscall.Close(dirfd) - code = fuse.ToStatus(syscallcompat.Fchownat(dirfd, cName, int(uid), int(gid), unix.AT_SYMLINK_NOFOLLOW)) - if !code.Ok() { - return code - } - if !fs.args.PlaintextNames { - // When filename encryption is active, every directory contains - // a "gocryptfs.diriv" file. This file should also change the owner. - // Instead of checking if "cName" is a directory, we just blindly - // execute the chown on "cName/gocryptfs.diriv" and ignore errors. - dirIVPath := filepath.Join(cName, nametransform.DirIVFilename) - syscallcompat.Fchownat(dirfd, dirIVPath, int(uid), int(gid), unix.AT_SYMLINK_NOFOLLOW) - } - return fuse.OK + err = syscallcompat.Fchownat(dirfd, cName, int(uid), int(gid), unix.AT_SYMLINK_NOFOLLOW) + return fuse.ToStatus(err) } // Mknod - FUSE call. Create a device file. diff --git a/internal/fusefrontend/fs_dir.go b/internal/fusefrontend/fs_dir.go index 13db975..afcc5e5 100644 --- a/internal/fusefrontend/fs_dir.go +++ b/internal/fusefrontend/fs_dir.go @@ -5,7 +5,6 @@ package fusefrontend import ( "fmt" "io" - "path/filepath" "runtime" "syscall" @@ -124,16 +123,11 @@ func (fs *FS) Mkdir(newPath string, mode uint32, context *fuse.Context) (code fu err = syscallcompat.Fchownat(dirfd, cName, int(context.Owner.Uid), int(context.Owner.Gid), unix.AT_SYMLINK_NOFOLLOW) if err != nil { - tlog.Warn.Printf("Mkdir %q: Fchownat(1) %d:%d failed: %v", cName, context.Owner.Uid, context.Owner.Gid, err) + tlog.Warn.Printf("Mkdir %q: Fchownat %d:%d failed: %v", cName, context.Owner.Uid, context.Owner.Gid, err) // In case of a failure, we don't want to proceed setting more // permissive modes. return fuse.ToStatus(err) } - err = syscallcompat.Fchownat(dirfd, filepath.Join(cName, nametransform.DirIVFilename), - int(context.Owner.Uid), int(context.Owner.Gid), unix.AT_SYMLINK_NOFOLLOW) - if err != nil { - tlog.Warn.Printf("Mkdir %q: Fchownat(2) %d:%d failed: %v", cName, context.Owner.Uid, context.Owner.Gid, err) - } } // Set mode if origMode != mode { |