libgocryptfs/internal
Jakob Unterwurzacher 72b975867a fusefronted: allow_other: close race between mknod and chown
If the user manages to replace the directory with
a symlink at just the right time, we could be tricked
into chown'ing the wrong file.

This change fixes the race by using fchownat, which
unfortunately is not available on darwin, hence a compat
wrapper is added.

Scenario, as described by @slackner at
https://github.com/rfjakob/gocryptfs/issues/177 :

1. Create a forward mount point with `plaintextnames` enabled
2. Mount as root user with `allow_other`
3. For testing purposes create a file `/tmp/file_owned_by_root`
   which is owned by the root user
4. As a regular user run inside of the GoCryptFS mount:

```
mkdir tempdir
mknod tempdir/file_owned_by_root p &
mv tempdir tempdir2
ln -s /tmp tempdir
```

When the steps are done fast enough and in the right order
(run in a loop!), the device file will be created in
`tempdir`, but the `lchown` will be executed by following
the symlink. As a result, the ownership of the file located
at `/tmp/file_owned_by_root` will be changed.
2017-11-27 21:04:45 +01:00
..
configfile main: Add '-devrandom' commandline option 2017-11-21 23:37:06 +01:00
contentenc contentenc: reserve one additional block in CReqPool 2017-10-19 09:23:10 +02:00
cryptocore Fix misspellings reported by goreportcard.com 2017-08-21 21:06:05 +02:00
ctlsock Fix typos found by Misspell 2017-05-07 12:22:15 +02:00
exitcodes Add "-trace" flag (record execution trace) 2017-06-07 22:09:06 +02:00
fusefrontend fusefronted: allow_other: close race between mknod and chown 2017-11-27 21:04:45 +01:00
fusefrontend_reverse reverse: reject too-long symlink target reads with ENAMETOOLONG 2017-11-26 21:37:12 +01:00
nametransform fusefrontend: Fix longname handling for renames with existing target 2017-11-25 16:19:09 +01:00
openfiletable openfiletable: rename WriteLock to ContentLock 2017-05-01 21:57:18 +02:00
pathiv pathiv: fix test failure on Go 1.6 2017-05-31 08:21:36 +02:00
prefer_openssl prefer_openssl: default to Go GCM on OSX 2016-12-10 21:04:17 +01:00
readpassword exitcodes: add code 22 for "password is empty" 2017-05-14 14:02:08 +02:00
serialize_reads fix golint complaints 2017-04-29 14:50:58 +02:00
siv_aead siv_aead: fix trivial typo in comment 2017-09-17 11:42:46 +02:00
speed fix golint complaints 2017-04-29 14:50:58 +02:00
stupidgcm macos: make testing without openssl work properly 2017-07-14 23:22:15 +02:00
syscallcompat fusefronted: allow_other: close race between mknod and chown 2017-11-27 21:04:45 +01:00
tlog Drop Go 1.4 compatibility code everywhere 2017-03-05 17:44:14 +01:00