aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-02-18main: try to wipe cryptocore's secret keys on unmountJakob Unterwurzacher
Raise the bar for recovering keys from memory. https://github.com/rfjakob/gocryptfs/issues/211
2018-02-18fusefrontend[_reverse]: move crypto init up to callerJakob Unterwurzacher
Both fusefrontend and fusefrontend_reverse were doing essentially the same thing, move it into main's initFuseFrontend. A side-effect is that we have a reference to cryptocore in main, which will help with wiping the keys on exit (https://github.com/rfjakob/gocryptfs/issues/211).
2018-02-17stupidgcm: implement key wipeJakob Unterwurzacher
Not bulletproof due to possible GC copies, but still raises to bar for extracting the key. https://github.com/rfjakob/gocryptfs/issues/211
2018-02-17stupidgcm: switch to pointer receiversJakob Unterwurzacher
What the key slice does not get copied around will make it possible to check if the key has been wiped.
2018-02-06benchmark.bash: print tested versionJakob Unterwurzacher
2018-02-05README: Mention min required Go versionJakob Unterwurzacher
2018-02-04gccgo: skip emulateGetdents on linuxJakob Unterwurzacher
The test is known to fail on gccgo (https://github.com/rfjakob/gocryptfs/issues/201), but getdents emulation is not used on linux, so let's skip the test and ignore the failure.
2018-02-04Fix spelling (#205)Felix Lechner
2018-02-03Fix assignment error in Unix2syscall by converting Timespec into Nsec (#203)Felix Lechner
$ go.gcc build # github.com/rfjakob/gocryptfs/internal/syscallcompat internal/syscallcompat/unix2syscall_linux.go:32:13: error: incompatible types in assignment (cannot use type int64 as type syscall.Timespec_sec_t) s.Atim.Sec = u.Atim.Sec ^
2018-02-03MANPAGE: improve markdown renderingJakob Unterwurzacher
The man page is rendered on github at https://github.com/rfjakob/gocryptfs/blob/master/Documentation/MANPAGE.md . Improve formatting a little.
2018-02-01gccgo: replace syscall.NAME_MAX with unix.NAME_MAXJakob Unterwurzacher
For some reason the syscall.NAME_MAX constant does not exist on gccgo, and it does not hurt us to use unix.NAME_MAX instead. https://github.com/rfjakob/gocryptfs/issues/201
2018-01-31syscallcompat: switch from syscall.Getdents to unix.GetdentsJakob Unterwurzacher
On mips64le, syscall.Getdents() and struct syscall.Dirent do not fit together, causing our Getdents implementation to return garbage ( https://github.com/rfjakob/gocryptfs/issues/200 and https://github.com/golang/go/issues/23624 ). Switch to unix.Getdents which does not have this problem - the next Go release with the syscall package fixes is too far away, and will take time to trickle into distros.
2018-01-31Update depsJakob Unterwurzacher
2018-01-28added usage of reverse mode to READMEKenneth Newwood
2018-01-25syscallcompat: hardcode maxReclen = 280 for all architecturesJakob Unterwurzacher
Due to padding between entries, it is 280 even on 32-bit architectures. See https://github.com/rfjakob/gocryptfs/issues/197 for details.
2018-01-25syscallcompat: fix reversed warning outputJakob Unterwurzacher
We used to print somewhat strange messages: Getdents: corrupt entry #1: Reclen=276 > 280. Returning EBADR Reported at https://github.com/rfjakob/gocryptfs/issues/197
2018-01-25Update README.mdrfjakob
README: add missing word
2018-01-25fusefrontend: drop unused haveGetdents warningJakob Unterwurzacher
We don't actually print that warning anymore.
2018-01-25syscallcompat: explain why we don't use syscall.ParseDirent()Jakob Unterwurzacher
syscall.ParseDirent only returns the NAMES, we want everything.
2018-01-21Documentation: update xfstests outputv1.4.3Jakob Unterwurzacher
Also update the v1.4.3 release date to today. The release was delayed one day.
2018-01-21Documentation: add extractloop example outputJakob Unterwurzacher
2018-01-20Update changelog for 1.4.3Jakob Unterwurzacher
2018-01-20Travis CI: also build with vendored dependenciesJakob Unterwurzacher
2018-01-20dep: update dependenciesJakob Unterwurzacher
We needed a newer version of x/sys/unix to compile, and we want the fixes in go-fuse.
2018-01-20MacOS: rely on OSXFuse to create the mountpointJakob Unterwurzacher
As reported in https://github.com/rfjakob/gocryptfs/issues/194 , OSXFuse creates the mountpoint if it does not exist.
2018-01-20MANPAGE: improve description of -o and -koJakob Unterwurzacher
Was unclear for new users - see https://github.com/rfjakob/gocryptfs/issues/194
2018-01-17fusefrontend_reverse: use OpenNofollow in virtualFile.GetAttrJakob Unterwurzacher
Makes it robust against symlink races. Final piece, closes https://github.com/rfjakob/gocryptfs/issues/165
2018-01-17fusefrontend_reverse: use OpenNofollow in findLongnameParentJakob Unterwurzacher
Protects findLongnameParent against symlink races. Also add comments to several functions along the way. Reported at https://github.com/rfjakob/gocryptfs/issues/165
2018-01-17fusefronted: add PlaintextNames special-cases for Create & RenameJakob Unterwurzacher
gocryptfs.longname.XXX files were considered magic in PlaintextNames mode, which was wrong. Fix that and add tests. Fixes https://github.com/rfjakob/gocryptfs/issues/174
2018-01-16Run go fmtJakob Unterwurzacher
2018-01-16MacOS: rely on OSXFuse to create mountpoint below /VolumesJakob Unterwurzacher
OSXFuse automatically creates the mountpoint if it is below /Volumes because this would require root permissions which the user might not have. Reported at https://github.com/rfjakob/gocryptfs/issues/194
2018-01-10Provide basic man page for xray tool (#193)Felix Lechner
Provide basic man page for xray tool
2018-01-10Fix spellingFelix Lechner
2018-01-07package-source.bash: archive HEAD instead of masterJakob Unterwurzacher
To be able to check out an older version and create a tarball from it, let `git archive` operate on HEAD. This used to be broken in a bad way: we use `git describe` which operates on HEAD to name the tarball, but always archived HEAD.
2018-01-07package-source.bash: also create source-only tarballJakob Unterwurzacher
We used to only create a source + dependecies tarball, but having a source-only tarball makes packaging deb/rpm easier.
2017-12-25fusefrontend: Use Linkat syscall to implement LinkSebastian Lackner
2017-12-25fusefrontend: Handle PlaintextNames mode in LinkSebastian Lackner
In PlaintextNames mode the "gocryptfs.longname." prefix does not have any special meaning. https://github.com/rfjakob/gocryptfs/issues/174
2017-12-25Pinned the link to line 38 of performance.txt to version 1.4.1 since ↵Rohan Talip
https://github.com/rfjakob/gocryptfs/commit/f0e29d9b90b63d5fbe4164161ecb0e1035bb4af4#diff-86b7f3262ae352959ee0e04cccaac1b0 added an extra line.
2017-12-11fusefrontend_reverse: Use O_DIRECTORY in OpenDir implementationSebastian Lackner
Also get rid of the defer - it is not really necessary here.
2017-12-11fusefrontend_reverse: Reject access to device nodes in newFile functionSebastian Lackner
Steps to reproduce: * Create a regular reverse mount point * Create a file "test" in the original directory * Access the corresponding encrypted directory in the mount point (ls <encrypted dir>) * Quickly delete the file in the original data - instead create a device node * Access the file again, it will access the device node and attempt to read from it Fixes https://github.com/rfjakob/gocryptfs/issues/187
2017-12-07fusefrontend_reverse: Use openBackingDir in GetAttrSebastian Lackner
Also fixes 48bd59f38843e5ebd4e4c9f666f1aea1c9990803 - the directory FD should also be closed in case of an error.
2017-12-07fusefrontend_reverse: Use openBackingDir in ReadlinkSebastian Lackner
2017-12-07fusefrontend_reverse: fix fd leak in GetAttrJakob Unterwurzacher
Fixes https://github.com/rfjakob/gocryptfs/issues/184
2017-12-07fusefrontend_reverse: secure Access against symlink races (somewhat)Jakob Unterwurzacher
Unfortunately, faccessat in Linux ignores AT_SYMLINK_NOFOLLOW, so this is not completely atomic. Given that the information you get from access is not very interesting, it seems good enough. https://github.com/rfjakob/gocryptfs/issues/165
2017-12-07syscallcompat: add FaccessatJakob Unterwurzacher
Add faccessat(2) with a hack for symlink, because the kernel does not actually looks at the passed flags. From man 2 faccessat: C library/kernel differences The raw faccessat() system call takes only the first three argu‐ ments. The AT_EACCESS and AT_SYMLINK_NOFOLLOW flags are actually implemented within the glibc wrapper function for faccessat().
2017-12-06tets_helpers: handle t=nil in InitFSJakob Unterwurzacher
The reverse tests call InitFS with t=nil. By calling panic we get a better error message instead of a generic nil pointer dereference.
2017-12-06fusefrontend_reverse: secure Readlink against symlink racesJakob Unterwurzacher
...by using Readlinkat. Tracking ticket: https://github.com/rfjakob/gocryptfs/issues/165
2017-12-06syscallcompat: add ReadlinkatJakob Unterwurzacher
We need readlinkat to implement Readlink symlink-race-free.
2017-12-06syscallcompat: add Darwin version of unix2syscallJakob Unterwurzacher
The "Atim" field is called "Atimespec" on Darwin, same for Mtim and Ctim.
2017-12-06fusefrontend_reverse: secure GetAttr against symlink racesJakob Unterwurzacher
...by using the OpenNofollow helper & Fstatat. Also introduce a helper to convert from unix.Stat_t to syscall.Stat_t. Tracking ticket: https://github.com/rfjakob/gocryptfs/issues/165