From 4b204b8fbafcbd5b37c892dd9b80858482092eda Mon Sep 17 00:00:00 2001
From: Antonio SJ Musumeci
Date: Fri, 13 Mar 2015 20:31:02 -0400
Subject: [PATCH] restrict who can setxattr the pseudo file. closes #64
---
 src/getattr.cpp | 6 +++---
 src/setxattr.cpp | 21 +++++++++++++--------
 2 files changed, 16 insertions(+), 11 deletions(-)
diff --git a/src/getattr.cpp b/src/getattr.cpp
index 27a1a281..6151d951 100644
--- a/src/getattr.cpp
+++ b/src/getattr.cpp
@@ -48,10 +48,10 @@ _getattr_controlfile(struct stat &buf)
 buf.st_dev = 0;
 buf.st_ino = 0;
- buf.st_mode = (S_IFREG|S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
+ buf.st_mode = (S_IFREG|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH);
 buf.st_nlink = 1;
- buf.st_uid = ::geteuid();
- buf.st_gid = ::getegid();
+ buf.st_uid = ::getuid();
+ buf.st_gid = ::getgid();
 buf.st_rdev = 0;
 buf.st_size = 0;
 buf.st_blksize = 1024;
diff --git a/src/setxattr.cpp b/src/setxattr.cpp
index b7a452d2..72315b05 100644
--- a/src/setxattr.cpp
+++ b/src/setxattr.cpp
@@ -282,18 +282,23 @@ namespace mergerfs
 size_t attrvalsize,
 int flags)
 {
- const config::Config &config = config::get();
+ const config::Config &config = config::get();
+ const struct fuse_context *fc = fuse_get_context();
 if(fusepath == config.controlfile)
- return _setxattr_controlfile(config::get_writable(),
- attrname,
- string(attrval,attrvalsize),
- flags);
+ {
+ if((fc->uid != ::getuid()) && (fc->gid != ::getgid()))
+ return -EPERM;
+
+ return _setxattr_controlfile(config::get_writable(),
+ attrname,
+ string(attrval,attrvalsize),
+ flags);
+ }
 {
- const struct fuse_context *fc = fuse_get_context();
- const ugid::SetResetGuard ugid(fc->uid,fc->gid);
- const rwlock::ReadGuard readlock(&config.srcmountslock);
+ const ugid::SetResetGuard ugid(fc->uid,fc->gid);
+ const rwlock::ReadGuard readlock(&config.srcmountslock);
 return _setxattr(*config.setxattr,
 config.srcmounts,
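Review bot: The mode and ownership set in `_getattr_controlfile` are only what `stat` reports; as far as I know the kernel does not enforce them on a FUSE mount unless `default_permissions` is in effect, so the real gate is the uid/gid check this commit adds in src/setxattr.cpp, and nothing here ties the two together. I would add a comment above the `st_mode` assignment such as `// rw for owner and group: keep in sync with the controlfile check in setxattr()`, so a later edit to one side does not silently change who can reconfigure the mount. The switch from `geteuid()`/`getegid()` to `getuid()`/`getgid()` also deserves a one-line why-comment; presumably the effective ids are changed per request elsewhere, but that is not visible in this hunk. The function body starts and ends outside the hunk.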
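Review bot: The new guard `if((fc->uid != ::getuid()) && (fc->gid != ::getgid()))` rejects a caller only when both ids differ, so a gid match alone is enough to reach `_setxattr_controlfile(config::get_writable(), …)` and rewrite the live configuration. That agrees with the `S_IWGRP` bit added in src/getattr.cpp, but it should be stated as intent: if the daemon runs with gid 0 (not visible here), every caller whose gid is 0 qualifies. If group access is wanted, write it in the positive form with a comment, e.g. `const bool allowed = (fc->uid == ::getuid()) || (fc->gid == ::getgid()); // owner or group of the control file`; if it is not, compare the uid only. `fc->gid` is a single gid taken from the FUSE context, so supplementary-group membership is not considered, which is worth saying in that comment. The enclosing function begins before the hunk and the `_setxattr(` call continues past it.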