From 87736eb833dfcf3f110dbd8846752c86aae7b481 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Thu, 7 Dec 2017 00:08:10 +0100
Subject: fusefrontend_reverse: secure Access against symlink races (somewhat)

Unfortunately, faccessat in Linux ignores AT_SYMLINK_NOFOLLOW,
so this is not completely atomic.

Given that the information you get from access is not very
interesting, it seems good enough.

https://github.com/rfjakob/gocryptfs/issues/165
---
 internal/fusefrontend_reverse/rfs.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'internal/fusefrontend_reverse/rfs.go')

diff --git a/internal/fusefrontend_reverse/rfs.go b/internal/fusefrontend_reverse/rfs.go
index db10ce0..d87a936 100644
--- a/internal/fusefrontend_reverse/rfs.go
+++ b/internal/fusefrontend_reverse/rfs.go
@@ -201,11 +201,16 @@ func (rfs *ReverseFS) Access(relPath string, mode uint32, context *fuse.Context)
 		}
 		return fuse.EPERM
 	}
-	absPath, err := rfs.abs(rfs.decryptPath(relPath))
+	dirfd, name, err := rfs.openBackingDir(relPath)
 	if err != nil {
 		return fuse.ToStatus(err)
 	}
-	return fuse.ToStatus(syscall.Access(absPath, mode))
+	err = syscallcompat.Faccessat(dirfd, name, mode)
+	if err != nil {
+		fmt.Printf("name=%q err=%v", name, err)
+	}
+	syscall.Close(dirfd)
+	return fuse.ToStatus(err)
 }
 
 // Open - FUSE call
-- 
cgit v1.2.3