fusefrontend: use Lchown when preserving owner
This prevents (unlikely) symlink race attacks
parent
7fc93ec093
commit
a66440c668
@ -157,7 +157,7 @@ func (fs *FS) Create(path string, flags uint32, mode uint32, context *fuse.Conte
|
|||||||
if fs.args.PreserveOwner {
|
if fs.args.PreserveOwner {
|
||||||
err = fd.Chown(int(context.Owner.Uid), int(context.Owner.Gid))
|
err = fd.Chown(int(context.Owner.Uid), int(context.Owner.Gid))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
tlog.Warn.Printf("Create: Chown failed: %v", err)
|
tlog.Warn.Printf("Create: fd.Chown failed: %v", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return NewFile(fd, writeOnly, fs)
|
return NewFile(fd, writeOnly, fs)
|
||||||
|
@ -54,9 +54,9 @@ func (fs *FS) Mkdir(newPath string, mode uint32, context *fuse.Context) (code fu
|
|||||||
err = os.Mkdir(cPath, os.FileMode(mode))
|
err = os.Mkdir(cPath, os.FileMode(mode))
|
||||||
// Set owner
|
// Set owner
|
||||||
if fs.args.PreserveOwner {
|
if fs.args.PreserveOwner {
|
||||||
err = os.Chown(cPath, int(context.Owner.Uid), int(context.Owner.Gid))
|
err = os.Lchown(cPath, int(context.Owner.Uid), int(context.Owner.Gid))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
tlog.Warn.Printf("Mkdir: Chown failed: %v", err)
|
tlog.Warn.Printf("Mkdir: Lchown failed: %v", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return fuse.ToStatus(err)
|
return fuse.ToStatus(err)
|
||||||
@ -94,7 +94,6 @@ func (fs *FS) Mkdir(newPath string, mode uint32, context *fuse.Context) (code fu
|
|||||||
return fuse.ToStatus(err)
|
return fuse.ToStatus(err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set permissions back to what the user wanted
|
// Set permissions back to what the user wanted
|
||||||
if origMode != mode {
|
if origMode != mode {
|
||||||
err = os.Chmod(cPath, os.FileMode(origMode))
|
err = os.Chmod(cPath, os.FileMode(origMode))
|
||||||
@ -104,13 +103,13 @@ func (fs *FS) Mkdir(newPath string, mode uint32, context *fuse.Context) (code fu
|
|||||||
}
|
}
|
||||||
// Set owner
|
// Set owner
|
||||||
if fs.args.PreserveOwner {
|
if fs.args.PreserveOwner {
|
||||||
err = os.Chown(cPath, int(context.Owner.Uid), int(context.Owner.Gid))
|
err = os.Lchown(cPath, int(context.Owner.Uid), int(context.Owner.Gid))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
tlog.Warn.Printf("Mkdir: Chown failed: %v", err)
|
tlog.Warn.Printf("Mkdir: Lchown 1 failed: %v", err)
|
||||||
}
|
}
|
||||||
err = os.Chown(filepath.Join(cPath, nametransform.DirIVFilename), int(context.Owner.Uid), int(context.Owner.Gid))
|
err = os.Lchown(filepath.Join(cPath, nametransform.DirIVFilename), int(context.Owner.Uid), int(context.Owner.Gid))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
tlog.Warn.Printf("Mkdir: Chown failed: %v", err)
|
tlog.Warn.Printf("Mkdir: Lchown 2 failed: %v", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return fuse.OK
|
return fuse.OK
|
||||||
|
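Review bot: In the first Mkdir hunk (line 54 onward), the error from `os.Mkdir(cPath, os.FileMode(mode))` is overwritten by `err = os.Lchown(...)` without being checked, so with PreserveOwner set a failed Mkdir still proceeds to Lchown. If the failure was because cPath already exists, the existing entry is given the caller's uid/gid and the function can report success. Return early after the Mkdir with `if err != nil { return fuse.ToStatus(err) }`, and keep the best-effort Lchown result in its own variable so a logged-only failure does not become the return status. Lchown is also still path-based: it stops symlink following but not a replacement of cPath between the two calls, so opening the new directory without following links and chowning that descriptor, as Create does with `fd.Chown`, would likely close that gap too. Mkdir begins and ends outside these hunks, so any earlier checks are not visible here.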