forward mode: create gocryptfs.diriv files with 0440 permissions

Makes it easier to share an encrypted folder via a network drive.

https://github.com/rfjakob/gocryptfs/issues/387
This commit is contained in:
Jakob Unterwurzacher 2019-03-30 20:06:40 +01:00
parent a4f461a305
commit ec17445b99
3 changed files with 34 additions and 1 deletions

View File

@ -166,6 +166,11 @@ Changelog
vNEXT, in progress vNEXT, in progress
* Support wild cards in reverse mode via `--exclude-wildcard` * Support wild cards in reverse mode via `--exclude-wildcard`
([#367](https://github.com/rfjakob/gocryptfs/pull/367)). Thanks @ekalin! ([#367](https://github.com/rfjakob/gocryptfs/pull/367)). Thanks @ekalin!
* Create `gocryptfs.diriv` files with 0440 permissions to make it easier to
share an encrypted folder via a network drive
([#387](https://github.com/rfjakob/gocryptfs/issues/387)).
Note: as a security precaution, the owner must still manually
`chmod gocryptfs.conf 0440` to allow mounting.
v1.7, 2019-03-17 v1.7, 2019-03-17
* **Fix possible symlink race attacks in forward mode** when using allow_other + plaintextnames * **Fix possible symlink race attacks in forward mode** when using allow_other + plaintextnames

View File

@ -61,11 +61,19 @@ func fdReadDirIV(fd *os.File) (iv []byte, err error) {
// This function is exported because it is used from fusefrontend, main, // This function is exported because it is used from fusefrontend, main,
// and also the automated tests. // and also the automated tests.
func WriteDirIVAt(dirfd int) error { func WriteDirIVAt(dirfd int) error {
// It makes sense to have the diriv files group-readable so the FS can
// be mounted from several users from a network drive (see
// https://github.com/rfjakob/gocryptfs/issues/387 ).
//
// Note that gocryptfs.conf is still created with 0400 permissions so the
// owner must explicitely chmod it to permit access.
const dirivPerms = 0440
iv := cryptocore.RandBytes(DirIVLen) iv := cryptocore.RandBytes(DirIVLen)
// 0400 permissions: gocryptfs.diriv should never be modified after creation. // 0400 permissions: gocryptfs.diriv should never be modified after creation.
// Don't use "ioutil.WriteFile", it causes trouble on NFS: // Don't use "ioutil.WriteFile", it causes trouble on NFS:
// https://github.com/rfjakob/gocryptfs/commit/7d38f80a78644c8ec4900cc990bfb894387112ed // https://github.com/rfjakob/gocryptfs/commit/7d38f80a78644c8ec4900cc990bfb894387112ed
fd, err := syscallcompat.Openat(dirfd, DirIVFilename, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0400) fd, err := syscallcompat.Openat(dirfd, DirIVFilename, os.O_WRONLY|os.O_CREATE|os.O_EXCL, dirivPerms)
if err != nil { if err != nil {
tlog.Warn.Printf("WriteDirIV: Openat: %v", err) tlog.Warn.Printf("WriteDirIV: Openat: %v", err)
return err return err

View File

@ -43,6 +43,26 @@ func TestInit(t *testing.T) {
} }
} }
// Test that gocryptfs.conf and gocryptfs.diriv are there with the expected
// permissions after -init
func TestInitFilePerms(t *testing.T) {
dir := test_helpers.InitFS(t)
var st syscall.Stat_t
syscall.Stat(dir+"/gocryptfs.conf", &st)
perms := st.Mode & 0777
if perms != 0400 {
t.Errorf("Wrong permissions for gocryptfs.conf: %#o", perms)
}
st = syscall.Stat_t{}
syscall.Stat(dir+"/gocryptfs.diriv", &st)
perms = st.Mode & 0777
// From v1.7.1, these are created with 0440 permissions, see
// https://github.com/rfjakob/gocryptfs/issues/387
if perms != 0440 {
t.Errorf("Wrong permissions for gocryptfs.diriv: %#o", perms)
}
}
// Test -init with -devrandom flag // Test -init with -devrandom flag
func TestInitDevRandom(t *testing.T) { func TestInitDevRandom(t *testing.T) {
test_helpers.InitFS(t, "-devrandom") test_helpers.InitFS(t, "-devrandom")