fusefrontend: Don't chown gocryptfs.diriv files.
The current code has a risk of race-conditions, since we pass a path containing "/" to Fchownat. We could fix this by opening a file descriptor, however, this does not seem worth the effort. We also don't chown *.name files.
This commit is contained in:
Sebastian Lackner
parent
fcaca5fc94
commit
669322482a
|
|
@ -5,7 +5,6 @@ package fusefrontend
|
|||
|
||||
import (
|
||||
"os"
|
||||
"path/filepath"
|
||||
"sync"
|
||||
"syscall"
|
||||
"time"
|
||||
|
|
@ -326,19 +325,8 @@ func (fs *FS) Chown(path string, uid uint32, gid uint32, context *fuse.Context)
|
|||
return fuse.ToStatus(err)
|
||||
}
|
||||
defer syscall.Close(dirfd)
|
||||
code = fuse.ToStatus(syscallcompat.Fchownat(dirfd, cName, int(uid), int(gid), unix.AT_SYMLINK_NOFOLLOW))
|
||||
if !code.Ok() {
|
||||
return code
|
||||
}
|
||||
if !fs.args.PlaintextNames {
|
||||
// When filename encryption is active, every directory contains
|
||||
// a "gocryptfs.diriv" file. This file should also change the owner.
|
||||
// Instead of checking if "cName" is a directory, we just blindly
|
||||
// execute the chown on "cName/gocryptfs.diriv" and ignore errors.
|
||||
dirIVPath := filepath.Join(cName, nametransform.DirIVFilename)
|
||||
syscallcompat.Fchownat(dirfd, dirIVPath, int(uid), int(gid), unix.AT_SYMLINK_NOFOLLOW)
|
||||
}
|
||||
return fuse.OK
|
||||
err = syscallcompat.Fchownat(dirfd, cName, int(uid), int(gid), unix.AT_SYMLINK_NOFOLLOW)
|
||||
return fuse.ToStatus(err)
|
||||
}
|
||||
|
||||
// Mknod - FUSE call. Create a device file.
|
||||
|
|
|
|||
|
|
@ -5,7 +5,6 @@ package fusefrontend
|
|||
import (
|
||||
"fmt"
|
||||
"io"
|
||||
"path/filepath"
|
||||
"runtime"
|
||||
"syscall"
|
||||
|
||||
|
|
@ -124,16 +123,11 @@ func (fs *FS) Mkdir(newPath string, mode uint32, context *fuse.Context) (code fu
|
|||
err = syscallcompat.Fchownat(dirfd, cName, int(context.Owner.Uid),
|
||||
int(context.Owner.Gid), unix.AT_SYMLINK_NOFOLLOW)
|
||||
if err != nil {
|
||||
tlog.Warn.Printf("Mkdir %q: Fchownat(1) %d:%d failed: %v", cName, context.Owner.Uid, context.Owner.Gid, err)
|
||||
tlog.Warn.Printf("Mkdir %q: Fchownat %d:%d failed: %v", cName, context.Owner.Uid, context.Owner.Gid, err)
|
||||
// In case of a failure, we don't want to proceed setting more
|
||||
// permissive modes.
|
||||
return fuse.ToStatus(err)
|
||||
}
|
||||
err = syscallcompat.Fchownat(dirfd, filepath.Join(cName, nametransform.DirIVFilename),
|
||||
int(context.Owner.Uid), int(context.Owner.Gid), unix.AT_SYMLINK_NOFOLLOW)
|
||||
if err != nil {
|
||||
tlog.Warn.Printf("Mkdir %q: Fchownat(2) %d:%d failed: %v", cName, context.Owner.Uid, context.Owner.Gid, err)
|
||||
}
|
||||
}
|
||||
// Set mode
|
||||
if origMode != mode {
|
||||
|
|
|
|||
Loading…
Reference in New Issue