hardcoresushi/libgocryptfs
1
0
Fork 0
Code Issues Pull Requests Releases Activity
1,381 Commits 2 Branches 0 Tags 6 MiB
1d2ce9c213
Commit Graph

32 Commits

Author SHA1 Message Date
Jakob Unterwurzacher
a7d59032d3 syscallcompat: rework Fchmodat to FchmodatNofollow 
We never want Fchmodat to follow symlinks, so follow what
Qemu does, and call our function FchmodatNofollow.
 2019-01-14 21:54:16 +01:00
Sebastian Lackner
a9d8eb49ef syscallcompat: Drop Fstatat emulation on macOS. 2019-01-14 21:27:28 +01:00
Sebastian Lackner
4134ff7570 syscallcompat: Drop Mkdirat emulation on macOS. 2019-01-14 21:27:28 +01:00
Sebastian Lackner
7b0d56fe98 syscallcompat: Drop Symlinkat emulation on macOS. 2019-01-14 21:27:28 +01:00
Sebastian Lackner
92110628ee syscallcompat: Drop Fchownat emulation on macOS. 2019-01-14 21:27:28 +01:00
Sebastian Lackner
0345cc0830 syscallcompat: Drop Fchmodat emulation on macOS. 
On macOS the function has a flags argument, so we don't need the
/proc/self/fd trick used on Linux.
 2019-01-14 21:27:28 +01:00
Sebastian Lackner
229a9da74b syscallcompat: Drop Unlinkat emulation on macOS. 2019-01-14 21:27:28 +01:00
Sebastian Lackner
42bf6d1c68 syscallcompat: Drop Renameat emulation on macOS. 2019-01-14 21:27:28 +01:00
Sebastian Lackner
da557702d7 syscallcompat: Drop Openat emulation on macOS. 2019-01-14 21:27:28 +01:00
Sebastian Lackner
d7be766851 syscallcompat: Use pthread_setugid_np() to implement *User() functions on macOS. 
Fixes -allow_other mode on macOS.
 2019-01-14 21:27:28 +01:00
Jakob Unterwurzacher
711ef81bfb macos: filter SUID and SGID bits in OpenatUser, MknodatUser, MkdiratUser 
When gocryptfs runs as root, we don't want to allow people to create
SUID root files.
 2019-01-13 14:05:03 +01:00
Sebastian Lackner
efc280330c fusefrontend: -allow_other: Use SymlinkatUser in Symlink FUSE call. 
Instead of manually adjusting the user after creating the symlink,
adjust effective permissions and let the kernel deal with it.

Related to https://github.com/rfjakob/gocryptfs/issues/338.
 2019-01-12 21:22:58 +01:00
Sebastian Lackner
1fbe7798cf fusefrontend: -allow_other: Use MknodatUser in Mknod FUSE call. 
Instead of manually adjusting the user and mode after creating the
device file, adjust effective permissions and let the kernel deal
with it.

Related to https://github.com/rfjakob/gocryptfs/issues/338.
 2019-01-12 21:20:16 +01:00
Sebastian Lackner
a525e33eaa fusefrontend: -allow_other: Use MkdiratUser in Mkdir FUSE call. 
Revert commit fcaca5fc94.

Instead of manually adjusting the user and mode after creating the
directory, adjust effective permissions and let the kernel deal with it.

Related to https://github.com/rfjakob/gocryptfs/issues/338.
 2019-01-12 21:20:07 +01:00
Sebastian Lackner
03b9d65cce fusefrontend: -allow_other: Use OpenatUser in Create FUSE call. 
Revert commit b22cc03c75.

Instead of manually adjusting the user and mode after creating the
file, adjust effective permissions and let the kernel deal with it.

Related to https://github.com/rfjakob/gocryptfs/issues/338.
 2019-01-12 20:54:39 +01:00
Jakob Unterwurzacher
930c37e03d syscallcompat: use O_PATH in OpenDirNofollow 
This fixes the "0100 directory" problem in reverse mode,
and should be slightly faster.
 2018-09-08 18:06:33 +02:00
Jakob Unterwurzacher
53f7e1a0f0 macos: fix O_DIRECT build failure 
O_DIRECT has no direct equivalent on MacOS
(check out https://github.com/libuv/libuv/issues/1600 for details).

Just define it to zero there.
 2018-07-04 09:04:00 +02:00
Jakob Unterwurzacher
e33593d30d syscallcompat: add Fstatat + emulation + test 
Fstatat has recently been added to x/sys/unix. Make
it available for use in gocryptfs.
 2017-12-03 19:32:59 +01:00
Jakob Unterwurzacher
bd79a8cd0d syscallcompat: build emulated syscalls under linux, too 
This will allow to test them under linux as well.
 2017-11-30 17:07:55 +01:00
Sebastian Lackner
614745ee57 fusefrontend: allow_other: close race between mkdir and chown 
Fixes the same problem as described in 72b975867a,
except for directories instead of device nodes.
 2017-11-29 13:28:04 +01:00
Sebastian Lackner
0162392a28 fusefrontend: Use Fchmodat to implement Chmod 2017-11-29 12:55:41 +01:00
Sebastian Lackner
0f44c617d0 syscallcompat: Introduce unlinkat syscall with flags argument 2017-11-29 12:41:23 +01:00
Sebastian Lackner
5a56810603 fusefrontend: Use the Symlinkat syscall for longname handling 2017-11-28 09:28:06 +01:00
Sebastian Lackner
8c5069c637 syscallcompat: Fix Fchownat syscall wrapper on darwin 
* Acquire the lock before reading the current directory
* Fix a file descriptor leak
 2017-11-28 09:28:06 +01:00
Jakob Unterwurzacher
72b975867a fusefronted: allow_other: close race between mknod and chown 
If the user manages to replace the directory with
a symlink at just the right time, we could be tricked
into chown'ing the wrong file.

This change fixes the race by using fchownat, which
unfortunately is not available on darwin, hence a compat
wrapper is added.

Scenario, as described by @slackner at
https://github.com/rfjakob/gocryptfs/issues/177 :

1. Create a forward mount point with `plaintextnames` enabled
2. Mount as root user with `allow_other`
3. For testing purposes create a file `/tmp/file_owned_by_root`
   which is owned by the root user
4. As a regular user run inside of the GoCryptFS mount:

```
mkdir tempdir
mknod tempdir/file_owned_by_root p &
mv tempdir tempdir2
ln -s /tmp tempdir
```

When the steps are done fast enough and in the right order
(run in a loop!), the device file will be created in
`tempdir`, but the `lchown` will be executed by following
the symlink. As a result, the ownership of the file located
at `/tmp/file_owned_by_root` will be changed.
 2017-11-27 21:04:45 +01:00
Jakob Unterwurzacher
a4563e21ec main, syscallcompat: use Dup3 instead of Dup2 
Dup2 is not implemented on linux/arm64.

Fixes https://github.com/rfjakob/gocryptfs/issues/121 .

Also adds cross-compilation to CI.
 2017-06-18 15:43:22 +02:00
Jakob Unterwurzacher
8bbc1038fe syscallcompat: OSX compat: fix variable warnings 
As suggested by
https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-279130217
 2017-02-16 19:23:17 +01:00
Jakob Unterwurzacher
741bf0726e syscallcompat: OSX: add Mknodat wrapper 
Protip: find naked *at syscalls using:

   git grep "syscall." | grep "at(" | grep -v syscallcompat
 2016-07-03 20:22:22 +02:00
Jakob Unterwurzacher
d8524c7369 syscallcompat: OSX: add Unlinkat wrapper 
Also, replace remaining naked syscall.Openat calls.
 2016-07-03 20:17:40 +02:00
Jakob Unterwurzacher
79851bf6cc syscallcompat: OSX: add Renamat wrapper 
Adds a poor man's renameat implementation for OSX.
 2016-07-03 20:05:32 +02:00
Jakob Unterwurzacher
9b725c15cf syscallcompat: OSX: add Fallocate and Openat wrappers 
...and convert all calls to syscall.{Fallocate,Openat}
to syscallcompat .

Both syscalls are not available on OSX. We emulate Openat and just
return EOPNOTSUPP for Fallocate.
 2016-07-03 19:18:34 +02:00
Jakob Unterwurzacher
c9a472c12f syscallcompat: move syscall wrapper to their own package 
We will get more of them as OSX also lacks support for openat.
 2016-07-03 17:51:40 +02:00