Jakob Unterwurzacher
18f6c6106c
main: try to wipe cryptocore's secret keys on unmount
...
Raise the bar for recovering keys from memory.
https://github.com/rfjakob/gocryptfs/issues/211
2018-02-18 11:39:10 +01:00
Jakob Unterwurzacher
719693ec5d
fusefrontend[_reverse]: move crypto init up to caller
...
Both fusefrontend and fusefrontend_reverse were doing
essentially the same thing, move it into main's
initFuseFrontend.
A side-effect is that we have a reference to cryptocore
in main, which will help with wiping the keys on exit
(https://github.com/rfjakob/gocryptfs/issues/211 ).
2018-02-18 11:21:58 +01:00
Jakob Unterwurzacher
eeed4b4bef
stupidgcm: implement key wipe
...
Not bulletproof due to possible GC copies, but
still raises to bar for extracting the key.
https://github.com/rfjakob/gocryptfs/issues/211
2018-02-17 15:14:55 +01:00
Jakob Unterwurzacher
7e0fefe970
stupidgcm: switch to pointer receivers
...
What the key slice does not get copied around
will make it possible to check if the key has been wiped.
2018-02-17 15:02:01 +01:00
Jakob Unterwurzacher
a3694e0c07
benchmark.bash: print tested version
2018-02-06 23:03:07 +01:00
Jakob Unterwurzacher
a624aab8a1
README: Mention min required Go version
2018-02-05 22:24:51 +01:00
Jakob Unterwurzacher
8151222ada
gccgo: skip emulateGetdents on linux
...
The test is known to fail on gccgo
(https://github.com/rfjakob/gocryptfs/issues/201 ), but
getdents emulation is not used on linux, so let's skip
the test and ignore the failure.
2018-02-04 21:14:12 +01:00
Felix Lechner
bf2f9640c4
Fix spelling ( #205 )
2018-02-04 20:38:22 +01:00
Felix Lechner
5b986288cf
Fix assignment error in Unix2syscall by converting Timespec into Nsec ( #203 )
...
$ go.gcc build
# github.com/rfjakob/gocryptfs/internal/syscallcompat
internal/syscallcompat/unix2syscall_linux.go:32:13: error: incompatible types in assignment (cannot use type int64 as type syscall.Timespec_sec_t)
s.Atim.Sec = u.Atim.Sec
^
2018-02-03 13:42:49 +01:00
Jakob Unterwurzacher
866e850842
MANPAGE: improve markdown rendering
...
The man page is rendered on github at
https://github.com/rfjakob/gocryptfs/blob/master/Documentation/MANPAGE.md .
Improve formatting a little.
2018-02-03 13:39:07 +01:00
Jakob Unterwurzacher
9f8d0d8e57
gccgo: replace syscall.NAME_MAX with unix.NAME_MAX
...
For some reason the syscall.NAME_MAX constant does not exist
on gccgo, and it does not hurt us to use unix.NAME_MAX instead.
https://github.com/rfjakob/gocryptfs/issues/201
2018-02-01 23:50:11 +01:00
Jakob Unterwurzacher
26ba8103bf
syscallcompat: switch from syscall.Getdents to unix.Getdents
...
On mips64le, syscall.Getdents() and struct syscall.Dirent do
not fit together, causing our Getdents implementation to
return garbage ( https://github.com/rfjakob/gocryptfs/issues/200
and https://github.com/golang/go/issues/23624 ).
Switch to unix.Getdents which does not have this problem -
the next Go release with the syscall package fixes is too
far away, and will take time to trickle into distros.
2018-01-31 18:59:10 +01:00
Jakob Unterwurzacher
b611e01035
Update deps
2018-01-31 18:57:41 +01:00
Kenneth Newwood
8afcb43b83
added usage of reverse mode to README
2018-01-28 15:40:20 +01:00
Jakob Unterwurzacher
f3838c09d8
syscallcompat: hardcode maxReclen = 280 for all architectures
...
Due to padding between entries, it is 280 even on 32-bit architectures.
See https://github.com/rfjakob/gocryptfs/issues/197 for details.
2018-01-25 22:22:13 +01:00
Jakob Unterwurzacher
b318572312
syscallcompat: fix reversed warning output
...
We used to print somewhat strange messages:
Getdents: corrupt entry #1 : Reclen=276 > 280. Returning EBADR
Reported at https://github.com/rfjakob/gocryptfs/issues/197
2018-01-25 21:42:15 +01:00
rfjakob
163964b090
Update README.md
...
README: add missing word
2018-01-25 21:35:57 +01:00
Jakob Unterwurzacher
ea51837361
fusefrontend: drop unused haveGetdents warning
...
We don't actually print that warning anymore.
2018-01-25 09:06:06 +01:00
Jakob Unterwurzacher
de878a3346
syscallcompat: explain why we don't use syscall.ParseDirent()
...
syscall.ParseDirent only returns the NAMES, we want
everything.
2018-01-25 08:43:30 +01:00
Jakob Unterwurzacher
7015a6ebfb
Documentation: update xfstests output
...
Also update the v1.4.3 release date to today.
The release was delayed one day.
2018-01-21 20:49:17 +01:00
Jakob Unterwurzacher
991708af01
Documentation: add extractloop example output
2018-01-21 20:04:37 +01:00
Jakob Unterwurzacher
f63ce35b3d
Update changelog for 1.4.3
2018-01-20 14:27:03 +01:00
Jakob Unterwurzacher
735b92c48b
Travis CI: also build with vendored dependencies
2018-01-20 13:49:20 +01:00
Jakob Unterwurzacher
6d46c4f31c
dep: update dependencies
...
We needed a newer version of x/sys/unix to compile,
and we want the fixes in go-fuse.
2018-01-20 13:49:20 +01:00
Jakob Unterwurzacher
bac7ef4834
MacOS: rely on OSXFuse to create the mountpoint
...
As reported in https://github.com/rfjakob/gocryptfs/issues/194 ,
OSXFuse creates the mountpoint if it does not exist.
2018-01-20 13:42:29 +01:00
Jakob Unterwurzacher
277ad087ff
MANPAGE: improve description of -o and -ko
...
Was unclear for new users - see https://github.com/rfjakob/gocryptfs/issues/194
2018-01-20 13:35:26 +01:00
Jakob Unterwurzacher
a2677bce2a
fusefrontend_reverse: use OpenNofollow in virtualFile.GetAttr
...
Makes it robust against symlink races.
Final piece, closes https://github.com/rfjakob/gocryptfs/issues/165
2018-01-17 21:36:38 +01:00
Jakob Unterwurzacher
959e1fc1e2
fusefrontend_reverse: use OpenNofollow in findLongnameParent
...
Protects findLongnameParent against symlink races.
Also add comments to several functions along the way.
Reported at https://github.com/rfjakob/gocryptfs/issues/165
2018-01-17 20:54:05 +01:00
Jakob Unterwurzacher
8951eb2472
fusefronted: add PlaintextNames special-cases for Create & Rename
...
gocryptfs.longname.XXX files were considered magic in PlaintextNames
mode, which was wrong.
Fix that and add tests.
Fixes https://github.com/rfjakob/gocryptfs/issues/174
2018-01-17 00:25:36 +01:00
Jakob Unterwurzacher
36ffd813cd
Run go fmt
2018-01-16 23:18:53 +01:00
Jakob Unterwurzacher
7d477d692b
MacOS: rely on OSXFuse to create mountpoint below /Volumes
...
OSXFuse automatically creates the mountpoint if it is
below /Volumes because this would require root permissions
which the user might not have.
Reported at https://github.com/rfjakob/gocryptfs/issues/194
2018-01-16 23:18:53 +01:00
Felix Lechner
a4dff6aea0
Provide basic man page for xray tool ( #193 )
...
Provide basic man page for xray tool
2018-01-10 20:27:03 +01:00
Felix Lechner
63c3878b7c
Fix spelling
2018-01-10 09:26:48 +01:00
Jakob Unterwurzacher
025f33e366
package-source.bash: archive HEAD instead of master
...
To be able to check out an older version and create
a tarball from it, let `git archive` operate on HEAD.
This used to be broken in a bad way: we use `git describe`
which operates on HEAD to name the tarball, but always archived
HEAD.
2018-01-07 22:29:02 +01:00
Jakob Unterwurzacher
1ae218b417
package-source.bash: also create source-only tarball
...
We used to only create a source + dependecies tarball,
but having a source-only tarball makes packaging deb/rpm
easier.
2018-01-07 19:01:59 +01:00
Sebastian Lackner
a85dbcab38
fusefrontend: Use Linkat syscall to implement Link
2017-12-25 15:07:37 +01:00
Sebastian Lackner
a24342f656
fusefrontend: Handle PlaintextNames mode in Link
...
In PlaintextNames mode the "gocryptfs.longname." prefix does not have any
special meaning.
https://github.com/rfjakob/gocryptfs/issues/174
2017-12-25 15:07:37 +01:00
Rohan Talip
ca594b2349
Pinned the link to line 38 of performance.txt to version 1.4.1 since f0e29d9b90 (diff-86b7f3262ae352959ee0e04cccaac1b0)
added an extra line.
2017-12-25 15:06:19 +01:00
Sebastian Lackner
631974f9e0
fusefrontend_reverse: Use O_DIRECTORY in OpenDir implementation
...
Also get rid of the defer - it is not really necessary here.
2017-12-11 21:18:20 +01:00
Sebastian Lackner
96dc2ca709
fusefrontend_reverse: Reject access to device nodes in newFile function
...
Steps to reproduce:
* Create a regular reverse mount point
* Create a file "test" in the original directory
* Access the corresponding encrypted directory in the mount point (ls <encrypted dir>)
* Quickly delete the file in the original data - instead create a device node
* Access the file again, it will access the device node and attempt to read from it
Fixes https://github.com/rfjakob/gocryptfs/issues/187
2017-12-11 09:55:16 +01:00
Sebastian Lackner
3af51736f3
fusefrontend_reverse: Use openBackingDir in GetAttr
...
Also fixes 48bd59f388
- the directory FD should
also be closed in case of an error.
2017-12-07 23:36:11 +01:00
Sebastian Lackner
ad0f110191
fusefrontend_reverse: Use openBackingDir in Readlink
2017-12-07 23:36:11 +01:00
Jakob Unterwurzacher
48bd59f388
fusefrontend_reverse: fix fd leak in GetAttr
...
Fixes https://github.com/rfjakob/gocryptfs/issues/184
2017-12-07 09:01:12 +01:00
Jakob Unterwurzacher
87736eb833
fusefrontend_reverse: secure Access against symlink races (somewhat)
...
Unfortunately, faccessat in Linux ignores AT_SYMLINK_NOFOLLOW,
so this is not completely atomic.
Given that the information you get from access is not very
interesting, it seems good enough.
https://github.com/rfjakob/gocryptfs/issues/165
2017-12-07 00:11:35 +01:00
Jakob Unterwurzacher
2ceef01afe
syscallcompat: add Faccessat
...
Add faccessat(2) with a hack for symlink, because the
kernel does not actually looks at the passed flags.
From man 2 faccessat:
C library/kernel differences
The raw faccessat() system call takes only the first three argu‐
ments. The AT_EACCESS and AT_SYMLINK_NOFOLLOW flags are actually
implemented within the glibc wrapper function for faccessat().
2017-12-07 00:05:28 +01:00
Jakob Unterwurzacher
6bd2da89d3
tets_helpers: handle t=nil in InitFS
...
The reverse tests call InitFS with t=nil. By
calling panic we get a better error message instead
of a generic nil pointer dereference.
2017-12-06 23:03:37 +01:00
Jakob Unterwurzacher
e042eb38fa
fusefrontend_reverse: secure Readlink against symlink races
...
...by using Readlinkat.
Tracking ticket: https://github.com/rfjakob/gocryptfs/issues/165
2017-12-06 21:13:08 +01:00
Jakob Unterwurzacher
f97494e89b
syscallcompat: add Readlinkat
...
We need readlinkat to implement Readlink
symlink-race-free.
2017-12-06 21:07:24 +01:00
Jakob Unterwurzacher
6beb45e5b7
syscallcompat: add Darwin version of unix2syscall
...
The "Atim" field is called "Atimespec" on Darwin,
same for Mtim and Ctim.
2017-12-06 00:18:38 +01:00
Jakob Unterwurzacher
a3bdc2bf2b
fusefrontend_reverse: secure GetAttr against symlink races
...
...by using the OpenNofollow helper & Fstatat.
Also introduce a helper to convert from unix.Stat_t to
syscall.Stat_t.
Tracking ticket: https://github.com/rfjakob/gocryptfs/issues/165
2017-12-06 00:06:31 +01:00