From c1bd2626008ca1c27bcd139bac1d79792d9b1f20 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Thu, 3 Jan 2019 20:36:26 +0100 Subject: Update README for v1.7-beta1 --- README.md | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index eb7981c..cdd61e1 100644 --- a/README.md +++ b/README.md @@ -138,8 +138,8 @@ Example for a CPU without AES-NI: ``` $ ./gocryptfs -speed AES-GCM-256-OpenSSL 165.67 MB/s (selected in auto mode) -AES-GCM-256-Go 49.62 MB/s -AES-SIV-512-Go 39.98 MB/s +AES-GCM-256-Go 49.62 MB/s +AES-SIV-512-Go 39.98 MB/s ``` You can run `./benchmark.bash` to run gocryptfs' canonical set of @@ -148,7 +148,7 @@ tarball, recursively listing and finally deleting it. The output will look like this: ``` -$ ./benchmark.bash +$ ./benchmark.bash Testing gocryptfs at /tmp/benchmark.bash.DwL: gocryptfs v1.6; go-fuse v20170619-45-g95c6370; 2018-08-18 go1.10.3 WRITE: 262144000 bytes (262 MB, 250 MiB) copied, 1.1033 s, 238 MB/s READ: 262144000 bytes (262 MB, 250 MiB) copied, 0.945291 s, 277 MB/s 
@@ -160,6 +160,18 @@ RM: 3.379 Changelog --------- +v1.7-beta1, 2019-01-03 +* **Fix possible symlink race attacks in forward mode** when using allow_other + plaintextnames + * If you use *both* `-allow_other` *and* `-plaintextnames`, you should upgrade. + Malicous users could trick gocryptfs into modifying files outside of `CIPHERDIR`, + or reading files inside `CIPHERDIR` that they should not have access to. + * If you do not use `-plaintextnames` (disabled per default), these attacks do + not work as symlinks are encrypted. + * Forward mode has been reworked to use the "*at" family of system calls everywhere + (`Openat/Unlinkat/Symlinkat/...`). + * As a result, gocryptfs may run slightly slower, as the caching logic has been + replaced and is very simple at the moment. + * The possibility for such attacks was found during an internal code review. v1.6.1, 2018-12-12 * Fix "Operation not supported" chmod errors on Go 1.11 -- cgit v1.2.3
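Review bot: in the v1.7-beta1 changelog hunk (@@ -160,6 +160,18 @@), "Malicous users" should read "Malicious users", and "disabled per default" is more idiomatic as "disabled by default". The headline bullet names the options as "allow_other + plaintextnames" while the sub-bullets use `-allow_other` and `-plaintextnames`; writing the headline with the same backticked flag form would make it unambiguous that these are the mount options a user should check for. The entry tells users of that combination to upgrade but does not say which earlier releases are affected, so a short "affects versions up to ..." line would let readers judge their exposure.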
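Review bot: in the `-speed` example hunk (@@ -138,8 +138,8 @@), the removed and added lines for AES-GCM-256-Go and AES-SIV-512-Go carry the same names and figures, so the change is whitespace-only column alignment, and the `$ ./benchmark.bash` line in the following hunk is likewise changed only in whitespace. The subject "Update README for v1.7-beta1" does not mention this cleanup; splitting it into its own commit, or noting it in the message, would keep the security changelog entry easy to find in history and in `git blame`.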