72b975867a
If the user manages to replace the directory with a symlink at just the right time, we could be tricked into chown'ing the wrong file. This change fixes the race by using fchownat, which unfortunately is not available on darwin, hence a compat wrapper is added. Scenario, as described by @slackner at https://github.com/rfjakob/gocryptfs/issues/177 : 1. Create a forward mount point with `plaintextnames` enabled 2. Mount as root user with `allow_other` 3. For testing purposes create a file `/tmp/file_owned_by_root` which is owned by the root user 4. As a regular user run inside of the GoCryptFS mount: ``` mkdir tempdir mknod tempdir/file_owned_by_root p & mv tempdir tempdir2 ln -s /tmp tempdir ``` When the steps are done fast enough and in the right order (run in a loop!), the device file will be created in `tempdir`, but the `lchown` will be executed by following the symlink. As a result, the ownership of the file located at `/tmp/file_owned_by_root` will be changed. |
||
|---|---|---|
| .. | ||
| cli | ||
| defaults | ||
| example_filesystems | ||
| hkdf_sanity | ||
| matrix | ||
| plaintextnames | ||
| reverse | ||
| stress_tests | ||
| test_helpers | ||
| canonical-benchmarks.bash | ||
| dl-linux-tarball.bash | ||
| fuse-unmount.bash | ||
| maxlen.bash | ||