main: disallow recursively encrypting ourselves
From https://github.com/rfjakob/gocryptfs/issues/150: mkdir a mkdir a/b gocryptsfs -init -reverse a/ gocryptfs -reverse a/ a/b Now directory a/b/ contains encrypted view of 'a' but it is possible to descend into encrypted version of b (e.g. a/b/43873uhj538765387/) which contains double encrypted 'a' and so on. Reported-by: https://github.com/tigmac
This commit is contained in:
parent
34547a6c39
commit
a1a98abfbb
7
mount.go
7
mount.go
@ -47,6 +47,13 @@ func doMount(args *argContainer) int {
|
|||||||
args.mountpoint, args.cipherdir)
|
args.mountpoint, args.cipherdir)
|
||||||
os.Exit(exitcodes.MountPoint)
|
os.Exit(exitcodes.MountPoint)
|
||||||
}
|
}
|
||||||
|
// Reverse-mounting "/foo" at "/foo/mnt" means we would be recursively
|
||||||
|
// encrypting ourselves.
|
||||||
|
if strings.HasPrefix(args.mountpoint, args.cipherdir+"/") {
|
||||||
|
tlog.Fatal.Printf("Mountpoint %q is contained in cipherdir %q, this is not supported",
|
||||||
|
args.mountpoint, args.cipherdir)
|
||||||
|
os.Exit(exitcodes.MountPoint)
|
||||||
|
}
|
||||||
if args.nonempty {
|
if args.nonempty {
|
||||||
err = checkDir(args.mountpoint)
|
err = checkDir(args.mountpoint)
|
||||||
} else {
|
} else {
|
||||||
|
Loading…
Reference in New Issue
Block a user