From a525e33eaa59c6561653a5fc40e5c4d5a9a3184b Mon Sep 17 00:00:00 2001
From: Sebastian Lackner
Date: Sat, 12 Jan 2019 20:57:31 +0100
Subject: fusefrontend: -allow_other: Use MkdiratUser in Mkdir FUSE call. Revert commit fcaca5fc94d981aa637beb752edc8cb3c2265e96. Instead of manually adjusting the user and mode after creating the directory, adjust effective permissions and let the kernel deal with it. Related to https://github.com/rfjakob/gocryptfs/issues/338.
---
 internal/syscallcompat/sys_darwin.go | 5 +++++
 internal/syscallcompat/sys_linux.go | 22 ++++++++++++++++++++++
 2 files changed, 27 insertions(+) (limited to 'internal/syscallcompat')
diff --git a/internal/syscallcompat/sys_darwin.go b/internal/syscallcompat/sys_darwin.go
index 7defc5f..3c431b9 100644
--- a/internal/syscallcompat/sys_darwin.go
+++ b/internal/syscallcompat/sys_darwin.go
@@ -79,6 +79,11 @@ func Mkdirat(dirfd int, path string, mode uint32) (err error) {
 return emulateMkdirat(dirfd, path, mode)
 }
 
+func MkdiratUser(dirfd int, path string, mode uint32, context *fuse.Context) (err error) {
+ // FIXME: take into account context.Owner
+ return Mkdirat(dirfd, path, mode)
+}
+
 func Fstatat(dirfd int, path string, stat *unix.Stat_t, flags int) (err error) {
 return emulateFstatat(dirfd, path, stat, flags)
 }
diff --git a/internal/syscallcompat/sys_linux.go b/internal/syscallcompat/sys_linux.go
index 595aa1d..a431195 100644
--- a/internal/syscallcompat/sys_linux.go
+++ b/internal/syscallcompat/sys_linux.go
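Review bot: The Darwin `MkdiratUser` in sys_darwin.go ignores `context` and calls plain `Mkdirat`, so the directory is created with the gocryptfs process's own credentials rather than the caller's. The commit message says the manual owner/mode fix-up is reverted in favour of this function, which suggests (the caller is outside this diff) that -allow_other mounts on macOS now get directories owned by the mounting user. The FIXME should state that consequence, e.g. `// FIXME: context.Owner is ignored on Darwin; the directory is owned by the process user, not the caller`, and the exported function should carry a doc comment like the Linux version's.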
@@ -180,6 +180,28 @@ func Mkdirat(dirfd int, path string, mode uint32) (err error) {
 return syscall.Mkdirat(dirfd, path, mode)
 }
 
+// MkdiratUser runs the Mkdirat syscall in the context of a different user.
+func MkdiratUser(dirfd int, path string, mode uint32, context *fuse.Context) (err error) {
+ if context != nil {
+ runtime.LockOSThread()
+ defer runtime.UnlockOSThread()
+
+ err = syscall.Setregid(-1, int(context.Owner.Gid))
+ if err != nil {
+ return err
+ }
+ defer syscall.Setregid(-1, 0)
+
+ err = syscall.Setreuid(-1, int(context.Owner.Uid))
+ if err != nil {
+ return err
+ }
+ defer syscall.Setreuid(-1, 0)
+ }
+
+ return Mkdirat(dirfd, path, mode)
+}
+
 // Fstatat syscall.
 func Fstatat(dirfd int, path string, stat *unix.Stat_t, flags int) (err error) {
 // Why would we ever want to call this without AT_SYMLINK_NOFOLLOW?
-- cgit v1.2.3
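Review bot: The two deferred restores, `defer syscall.Setregid(-1, 0)` and `defer syscall.Setreuid(-1, 0)`, discard their return values, so a failed restore leaves the OS thread running with the caller's effective uid/gid and `UnlockOSThread` then hands it back to the scheduler for unrelated requests. Check the result and stop rather than continue, for example `defer func() { if e := syscall.Setreuid(-1, 0); e != nil { panic(e) } }()` and the same for `Setregid`. The function also depends on these calls changing only the locked thread; that is worth a comment, because Go 1.16 and later make `syscall.Setreuid`/`Setregid` apply to every thread of the process, which would switch identity for concurrent requests too. Supplementary groups are left untouched as well, so the kernel's permission check on the parent directory still sees the daemon's group list.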