17 Feb 2012 19:24
[PATCH] make sure idmap files aren't writable by others
Mike Kelly <mike <at> pair.com>
2012-02-17 18:24:20 GMT
2012-02-17 18:24:20 GMT
otherwise, other local users could change the mapping, and gain access
to things they shouldn't
---
sshfs.c | 16 ++++++++++++++++
1 files changed, 16 insertions(+), 0 deletions(-)
diff --git a/sshfs.c b/sshfs.c
index 7afbd87..ed9652c 100644
--- a/sshfs.c
+++ b/sshfs.c
<at> <at> -3561,6 +3561,7 <at> <at> static void read_id_map(char *file, uint32_t *(*map_fn)(char *),
FILE *fp;
char line[LINE_MAX];
unsigned int lineno = 0;
+ uid_t local_uid = getuid();
fp = fopen(file, "r");
if (fp == NULL) {
<at> <at> -3568,6 +3569,21 <at> <at> static void read_id_map(char *file, uint32_t *(*map_fn)(char *),
file, strerror(errno));
exit(1);
}
+ struct stat st;
+ if (fstat(fileno(fp), &st) == -1) {
+ fprintf(stderr, "failed to stat '%s': %s\n", file,
+ strerror(errno));
+ exit(1);
+ }
+ if (st.st_uid != local_uid) {
+ fprintf(stderr, "'%s' is not owned by uid %lu\n", file,
(Continue reading)
RSS Feed