aboutsummaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorJakob Unterwurzacher2017-12-07 00:08:10 +0100
committerJakob Unterwurzacher2017-12-07 00:11:35 +0100
commit87736eb833dfcf3f110dbd8846752c86aae7b481 (patch)
treed36b4048d5e30062edd1712daee1d37f02efdc62 /tests
parent2ceef01afecafbd4aa80276869993cb53bdadcf4 (diff)
fusefrontend_reverse: secure Access against symlink races (somewhat)
Unfortunately, faccessat in Linux ignores AT_SYMLINK_NOFOLLOW, so this is not completely atomic. Given that the information you get from access is not very interesting, it seems good enough. https://github.com/rfjakob/gocryptfs/issues/165
Diffstat (limited to 'tests')
-rw-r--r--tests/reverse/correctness_test.go32
1 files changed, 32 insertions, 0 deletions
diff --git a/tests/reverse/correctness_test.go b/tests/reverse/correctness_test.go
index 63043b7..15eb18b 100644
--- a/tests/reverse/correctness_test.go
+++ b/tests/reverse/correctness_test.go
@@ -8,7 +8,10 @@ import (
"syscall"
"testing"
+ "golang.org/x/sys/unix"
+
"github.com/rfjakob/gocryptfs/internal/ctlsock"
+ "github.com/rfjakob/gocryptfs/internal/syscallcompat"
"github.com/rfjakob/gocryptfs/tests/test_helpers"
)
@@ -138,6 +141,35 @@ func TestAccessVirtual(t *testing.T) {
}
}
+// Check that the access() syscall works on regular files
+func TestAccess(t *testing.T) {
+ f, err := os.Create(dirA + "/testaccess1")
+ if err != nil {
+ t.Fatal(err)
+ }
+ f.Close()
+ f, err = os.Open(dirB)
+ if err != nil {
+ t.Fatal(err)
+ }
+ names, err := f.Readdirnames(0)
+ if err != nil {
+ t.Fatal(err)
+ }
+ for _, n := range names {
+ // Check if file exists - this should never fail
+ err = syscallcompat.Faccessat(unix.AT_FDCWD, dirB+"/"+n, unix.F_OK)
+ if err != nil {
+ t.Errorf("%s: %v", n, err)
+ }
+ // Check if file is readable
+ err = syscallcompat.Faccessat(unix.AT_FDCWD, dirB+"/"+n, unix.R_OK)
+ if err != nil {
+ t.Logf("%s: %v", n, err)
+ }
+ }
+}
+
// Opening a nonexistant file name should return ENOENT
// and not EBADMSG or EIO or anything else.
func TestEnoent(t *testing.T) {