aboutsummaryrefslogtreecommitdiff
path: root/tests/fsck/broken_fs_v1.4/6nGs4Ugr3EAHd0KzkyLZ-Q
diff options
context:
space:
mode:
authorJakob Unterwurzacher2019-01-08 21:50:10 +0100
committerJakob Unterwurzacher2019-01-08 21:50:10 +0100
commitb22cc03c7516b2003880db8375d26c76d6dff093 (patch)
tree69e3932784ece5228aa046984d73713d0a803022 /tests/fsck/broken_fs_v1.4/6nGs4Ugr3EAHd0KzkyLZ-Q
parent4170ef00f32b3943a75f1c85c2b21dbe27ba30cd (diff)
fusefrontend: -allow_other: set file mode *after* chown in Create()
Reported by @slackner at https://github.com/rfjakob/gocryptfs/issues/327 : Possible race-conditions between file creation and Fchownat * Assume a system contains a gocryptfs mount as root user with -allow_other * As a regular user create a new file with mode containing the SUID flag and write access for other users * Before gocryptfs executes the Fchownat call, try to open the file again, write some exploit code to it, and try to run it. For a short time, the file is owned by root and has the SUID flag, so this is pretty dangerous.
Diffstat (limited to 'tests/fsck/broken_fs_v1.4/6nGs4Ugr3EAHd0KzkyLZ-Q')
0 files changed, 0 insertions, 0 deletions