From e97c23e08383666117523cf3145f1213b41c2489 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Thu, 30 Nov 2017 19:40:53 +0100
Subject: syscallcompat: check that we get NOFOLLOW wherever possible ...and fix the instances where the AT_SYMLINK_NOFOLLOW / O_NOFOLLOW / O_EXCL flag was missing.
---
 internal/syscallcompat/sys_linux.go | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
(limited to 'internal/syscallcompat/sys_linux.go')
diff --git a/internal/syscallcompat/sys_linux.go b/internal/syscallcompat/sys_linux.go
index 1ea56b5..e9ca7cb 100644
--- a/internal/syscallcompat/sys_linux.go
+++ b/internal/syscallcompat/sys_linux.go
@@ -6,6 +6,8 @@ import (
 "syscall"
 "unsafe"
+ "golang.org/x/sys/unix"
+
 "github.com/rfjakob/gocryptfs/internal/tlog"
 )
@@ -46,6 +48,11 @@ func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
 // Openat wraps the Openat syscall.
 func Openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
+ // Why would we ever want to call this without O_NOFOLLOW and O_EXCL?
+ if !(flags&syscall.O_CREAT != 0 && flags&syscall.O_EXCL != 0) && flags&syscall.O_NOFOLLOW == 0 {
+ tlog.Warn.Printf("Openat: adding missing O_NOFOLLOW flag")
+ flags |= syscall.O_NOFOLLOW
+ }
 return syscall.Openat(dirfd, path, flags, mode)
 }
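Review bot: O_NOFOLLOW only stops the final component of `path` from being a symlink, so the guard added to Openat does not cover a symlink in an intermediate directory when a caller passes a multi-component path. Whether callers do that is not visible in this hunk, so the doc comment should state the limit, e.g. `// O_NOFOLLOW protects only the last path component; directories inside path are still resolved through symlinks.` The new inline comment also reads as if both flags were required, while the condition accepts either O_NOFOLLOW or the O_CREAT|O_EXCL pair; `// O_CREAT|O_EXCL already refuses to open through a symlink; every other call must carry O_NOFOLLOW.` would match the code. The warning would be easier to trace back to the offending caller if it printed the flags value, `tlog.Warn.Printf("Openat: adding missing O_NOFOLLOW flag, flags=%#x", flags)`.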
@@ -82,11 +89,21 @@ func Dup3(oldfd int, newfd int, flags int) (err error) {
 // Fchmodat syscall.
 func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+ // Why would we ever want to call this without AT_SYMLINK_NOFOLLOW?
+ if flags&unix.AT_SYMLINK_NOFOLLOW == 0 {
+ tlog.Warn.Printf("Fchmodat: adding missing AT_SYMLINK_NOFOLLOW flag")
+ flags |= unix.AT_SYMLINK_NOFOLLOW
+ }
 return syscall.Fchmodat(dirfd, path, mode, flags)
 }
 // Fchownat syscall.
 func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+ // Why would we ever want to call this without AT_SYMLINK_NOFOLLOW?
+ if flags&unix.AT_SYMLINK_NOFOLLOW == 0 {
+ tlog.Warn.Printf("Fchownat: adding missing AT_SYMLINK_NOFOLLOW flag")
+ flags |= unix.AT_SYMLINK_NOFOLLOW
+ }
 return syscall.Fchownat(dirfd, path, uid, gid, flags)
 }
-- cgit v1.2.3
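Review bot: Forcing AT_SYMLINK_NOFOLLOW in Fchmodat does not give no-follow semantics on Linux, because the classic fchmodat(2) system call takes no flags argument. Depending on the Go release, `syscall.Fchmodat` likely either passes a value the kernel ignores, so a symlink at `path` is still followed while the warning suggests otherwise, or rejects the flag with EOPNOTSUPP, so every call through this wrapper fails. A variant that pins the final component with `O_PATH|O_NOFOLLOW`, refuses symlinks, and changes the mode through `/proc/self/fd` avoids both outcomes. The sketch below is untested and needs `fmt` imported and /proc mounted. The same forced flag in Fchownat is fine, since fchownat(2) honours AT_SYMLINK_NOFOLLOW.

```go
func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
	// … unchanged: warning when AT_SYMLINK_NOFOLLOW is missing …
	// fchmodat(2) cannot take the flag, so hold the final path component
	// with O_PATH|O_NOFOLLOW and refuse symlinks explicitly.
	fd, err := syscall.Openat(dirfd, path, unix.O_PATH|syscall.O_NOFOLLOW, 0)
	if err != nil {
		return err
	}
	defer syscall.Close(fd)
	var st syscall.Stat_t
	if err = syscall.Fstat(fd, &st); err != nil {
		return err
	}
	if st.Mode&syscall.S_IFMT == syscall.S_IFLNK {
		return syscall.ELOOP
	}
	// fchmod(2) fails on O_PATH descriptors; chmod via procfs reaches the
	// inode the descriptor already refers to.
	return syscall.Chmod(fmt.Sprintf("/proc/self/fd/%d", fd), mode)
}
```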