From 441e796e7034977c15dc9402a880ef4061b471a7 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Sat, 2 Dec 2017 21:36:07 +0100 Subject: fusefrontend_reverse: secure StatFs agains symlink races ...by ignoring the path that was passed in. https://github.com/rfjakob/gocryptfs/issues/165 --- internal/fusefrontend_reverse/rfs.go | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/internal/fusefrontend_reverse/rfs.go b/internal/fusefrontend_reverse/rfs.go index 09ebe9e..18468ee 100644 --- a/internal/fusefrontend_reverse/rfs.go +++ b/internal/fusefrontend_reverse/rfs.go @@ -297,9 +297,20 @@ func (rfs *ReverseFS) OpenDir(cipherPath string, context *fuse.Context) ([]fuse. return entries, fuse.OK } -// StatFs - FUSE call -func (rfs *ReverseFS) StatFs(name string) *fuse.StatfsOut { - return rfs.loopbackfs.StatFs(name) +// StatFs - FUSE call. Returns information about the filesystem (free space +// etc). +// Securing statfs against symlink races seems to be more trouble than +// it's worth, so we just ignore the path and always return info about the +// backing storage root dir. +func (rfs *ReverseFS) StatFs(path string) *fuse.StatfsOut { + var s syscall.Statfs_t + err := syscall.Statfs(rfs.args.Cipherdir, &s) + if err != nil { + return nil + } + out := &fuse.StatfsOut{} + out.FromStatfsT(&s) + return out } // Readlink - FUSE call -- cgit v1.2.3