From 72b975867a3b9bdf53fc2da62e2ba4a328d7e4ab Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Sun, 26 Nov 2017 21:59:24 +0100 Subject: fusefronted: allow_other: close race between mknod and chown If the user manages to replace the directory with a symlink at just the right time, we could be tricked into chown'ing the wrong file. This change fixes the race by using fchownat, which unfortunately is not available on darwin, hence a compat wrapper is added. Scenario, as described by @slackner at https://github.com/rfjakob/gocryptfs/issues/177 : 1. Create a forward mount point with `plaintextnames` enabled 2. Mount as root user with `allow_other` 3. For testing purposes create a file `/tmp/file_owned_by_root` which is owned by the root user 4. As a regular user run inside of the GoCryptFS mount: ``` mkdir tempdir mknod tempdir/file_owned_by_root p & mv tempdir tempdir2 ln -s /tmp tempdir ``` When the steps are done fast enough and in the right order (run in a loop!), the device file will be created in `tempdir`, but the `lchown` will be executed by following the symlink. As a result, the ownership of the file located at `/tmp/file_owned_by_root` will be changed.
---
 tests/matrix/matrix_test.go | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'tests/matrix')
diff --git a/tests/matrix/matrix_test.go b/tests/matrix/matrix_test.go
index 9b9cb1b..170f8ba 100644
--- a/tests/matrix/matrix_test.go
+++ b/tests/matrix/matrix_test.go
@@ -781,3 +781,12 @@ func TestUtimesNanoFd(t *testing.T) {
 procPath := fmt.Sprintf("/proc/self/fd/%d", f.Fd())
 doTestUtimesNano(t, procPath)
 }
+
+// Make sure the Mknod call works by creating a fifo (named pipe)
+func TestMkfifo(t *testing.T) {
+ path := test_helpers.DefaultPlainDir + "/fifo1"
+ err := syscall.Mkfifo(path, 0700)
+ if err != nil {
+ t.Fatal(err)
+ }
+}
--
cgit v1.2.3
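Review bot: TestMkfifo passes as soon as `syscall.Mkfifo` returns nil, so it never confirms that a named pipe actually exists at `path` or who owns it, which is the property the chown change in this commit is about. An `os.Lstat(path)` after the call followed by `if fi.Mode()&os.ModeNamedPipe == 0 { t.Fatalf("not a fifo: %v", fi.Mode()) }` would pin the node type (assuming `os` is already imported in this file, which the hunk does not show). Adding `defer syscall.Unlink(path)` would keep a leftover `fifo1` from failing a rerun against the same mount with EEXIST. The test appears to run as the mounting user, so the `allow_other` chown path and the directory-swap race from the description are presumably not exercised here; this view is limited to tests/matrix, so a regression test for the race may exist elsewhere.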