Be single-threaded by default. Documented a race condition.

2 files changed, 29 insertions, 9 deletions

diff --git a/src/bindfs.1 b/src/bindfs.1
index cd822bc..b420f21 100644
--- a/src/bindfs.1
+++ b/src/bindfs.1
@@ -239,6 +239,12 @@ The underlying file's ctime will still be updated normally.
 .B \-\-hide-hard-links, \-o hide-hard-links
 Shows the hard link count of all files as 1.
 
+.TP
+.B \-\-multithreaded, \-o multithreaded
+Run bindfs in multithreaded mode. While bindfs is designed to be
+otherwise thread-safe, there is currently a race condition that may pose
+a security risk for some use cases. See \fB\%BUGS\fP below.
+
 
 .SH FUSE OPTIONS
 .TP
@@ -260,10 +266,6 @@ Enable debug output (implies \-f).
 .B \-f
 Foreground operation.
 
-.TP
-.B \-s
-Disable multithreaded operation. bindfs should be thread-safe.
-
 
 .SH PERMISSION SPECIFICATION
 The \fB\-p\fP option takes a comma\- or colon\-separated list of either octal
@@ -349,13 +351,22 @@ MacFuse caches file contents by default.
 This means that changes in source files are not always immediately visible under the mount point.
 \fB\-o nolocalcaches\fP can be used to disable the cache.
 
-When using \fB\-\-mirror[-only]\fP on a group, bindfs won't see changes to the group's member list.
+When using \fB\-\-mirror[-only] @somegroup\fP, bindfs won't see changes to the group's member list.
 Sending bindfs a \fBSIGUSR1\fP signal will make it reread the user database.
 
 .SH BUGS
 
-Please report to the issue tracker on the project home page at
-http://code.google.com/p/bindfs/
+If bindfs is run in multithreaded mode (with the
+\fB\-\-multithreaded\fP option) then it's possible for another process
+to briefly see a file with an incorrect owner, group or permissions.
+This may constitute a security risk if you rely on bindfs to reduce
+permissions on new files. For this reason, as of version 1.11
+bindfs runs in single-threaded mode by default.
+
+Please report bugs to the issue tracker on the project home page at
+\fBhttp://code.google.com/p/bindfs/\fP
+Send patches as pull requests to \fBhttps://github.com/mpartel/bindfs\fP or
+by e-mail to \fBmartin dot partel at gmail dot com\fP.
 
 
 .SH AUTHOR
diff --git a/src/bindfs.c b/src/bindfs.c
index dbbb588..f55bc4b 100644
--- a/src/bindfs.c
+++ b/src/bindfs.c
@@ -977,13 +977,14 @@ static void print_usage(const char *progname)
            "  --ctime-from-mtime        Read file properties' change time\n"
            "                            from file content modification time.\n"
            "  --hide-hard-links         Always report a hard link count of 1.\n"
+           "  --multithreaded           Enable multithreaded mode. See man page\n"
+           "                            for security issue with current implementation.\n"
            "\n"
            "FUSE options:\n"
            "  -o opt[,opt,...]          Mount options.\n"
            "  -r      -o ro             Mount strictly read-only.\n"
            "  -d      -o debug          Enable debug output (implies -f).\n"
            "  -f                        Foreground operation.\n"
-           "  -s                        Disable multithreaded operation.\n"
            "\n"
            "(*: root only)\n"
            "\n",
@@ -1013,7 +1014,8 @@ enum OptionKey {
     OPTKEY_XATTR_READ_WRITE,
     OPTKEY_REALISTIC_PERMISSIONS,
     OPTKEY_CTIME_FROM_MTIME,
-    OPTKEY_HIDE_HARD_LINKS
+    OPTKEY_HIDE_HARD_LINKS,
+    OPTKEY_MULTITHREADED
 };
 
 static int process_option(void *data, const char *arg, int key,
@@ -1333,6 +1335,7 @@ int main(int argc, char *argv[])
         char *create_for_group;
         char *create_with_perms;
         int no_allow_other;
+        int multithreaded;
     } od;
 
     #define OPT2(one, two, key) \
@@ -1377,6 +1380,7 @@ int main(int argc, char *argv[])
         OPT2("--realistic-permissions", "realistic-permissions", OPTKEY_REALISTIC_PERMISSIONS),
         OPT2("--ctime-from-mtime", "ctime-from-mtime", OPTKEY_CTIME_FROM_MTIME),
         OPT2("--hide-hard-links", "hide-hard-links", OPTKEY_HIDE_HARD_LINKS),
+        OPT_OFFSET2("--multithreaded", "multithreaded", multithreaded, -1),
         FUSE_OPT_END
     };
 
@@ -1501,6 +1505,11 @@ int main(int argc, char *argv[])
     }
 
 
+    /* Single-threaded mode by default */
+    if (!od.multithreaded) {
+        fuse_opt_add_arg(&args, "-s");
+    }
+
     /* Add default fuse options */
     if (!od.no_allow_other) {
         fuse_opt_add_arg(&args, "-oallow_other");