diff options
| author | Miklos Szeredi <miklos@szeredi.hu> | 2005-04-22 12:04:55 +0000 |
|---|---|---|
| committer | Miklos Szeredi <miklos@szeredi.hu> | 2005-04-22 12:04:55 +0000 |
| commit | 0111f9dbe43a8c4ae516d3eb470186770894c5bf (patch) | |
| tree | 6112c59cbfcebc262d88ae10d1e06d92e0fcd142 /lib | |
| parent | d001bf9915e651dd301c29aafe0b7e777a1ae7cf (diff) | |
| download | libfuse-0111f9dbe43a8c4ae516d3eb470186770894c5bf.tar.gz | |
fix
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/fuse.c | 19 | ||||
| -rw-r--r-- | lib/fuse_i.h | 1 | ||||
| -rw-r--r-- | lib/helper.c | 6 |
3 files changed, 24 insertions, 2 deletions
@@ -35,6 +35,9 @@ /** Use st_ino field in getattr instead of generating inode numbers */ #define FUSE_USE_INO (1 << 3) +/** Only allow root or the owner to access the filesystem */ +#define FUSE_ALLOW_ROOT (1 << 4) + #define FUSE_KERNEL_MINOR_VERSION_NEED 1 #define FUSE_VERSION_FILE_OLD "/proc/fs/fuse/version" #define FUSE_VERSION_FILE_NEW "/sys/fs/fuse/version" @@ -1765,6 +1768,15 @@ void fuse_process_cmd(struct fuse *f, struct fuse_cmd *cmd) goto out; } + if ((f->flags & FUSE_ALLOW_ROOT) && in->uid != f->owner && in->uid != 0 && + in->opcode != FUSE_INIT && in->opcode != FUSE_READ && + in->opcode != FUSE_WRITE && in->opcode != FUSE_FSYNC && + in->opcode != FUSE_RELEASE && in->opcode != FUSE_READDIR && + in->opcode != FUSE_FSYNCDIR && in->opcode != FUSE_RELEASEDIR) { + send_reply(f, in, -EACCES, NULL, 0); + goto out; + } + ctx->fuse = f; ctx->uid = in->uid; ctx->gid = in->gid; @@ -2000,7 +2012,8 @@ int fuse_is_lib_option(const char *opt) { if (strcmp(opt, "debug") == 0 || strcmp(opt, "hard_remove") == 0 || - strcmp(opt, "use_ino") == 0) + strcmp(opt, "use_ino") == 0 || + strcmp(opt, "allow_root") == 0) return 1; else return 0; @@ -2025,6 +2038,8 @@ static int parse_lib_opts(struct fuse *f, const char *opts) f->flags |= FUSE_HARD_REMOVE; else if (strcmp(opt, "use_ino") == 0) f->flags |= FUSE_USE_INO; + else if (strcmp(opt, "allow_root") == 0) + f->flags |= FUSE_ALLOW_ROOT; else fprintf(stderr, "fuse: warning: unknown option `%s'\n", opt); } @@ -2100,6 +2115,8 @@ struct fuse *fuse_new_common(int fd, const char *opts, root->refctr = 1; hash_id(f, root); + f->owner = getuid(); + return f; out_free_root: diff --git a/lib/fuse_i.h b/lib/fuse_i.h index 4a9f04a..3bdfb00 100644 --- a/lib/fuse_i.h +++ b/lib/fuse_i.h @@ -32,6 +32,7 @@ struct fuse { void *user_data; int major; int minor; + uid_t owner; }; struct fuse *fuse_new_common(int fd, const char *opts, diff --git a/lib/helper.c b/lib/helper.c index 42fe44c..d1a3d1f 100644 --- a/lib/helper.c +++ b/lib/helper.c @@ -138,8 +138,12 @@ static int add_options(char **lib_optp, char **kernel_optp, const char *opts) while((opt = strsep(&s, ",")) != NULL) { int res; - if (fuse_is_lib_option(opt)) + if (fuse_is_lib_option(opt)) { res = add_option_to(opt, lib_optp); + /* Compatibility hack */ + if (strcmp(opt, "allow_root") == 0 && res != -1) + res = add_option_to("allow_other", kernel_optp); + } else res = add_option_to(opt, kernel_optp); if (res == -1) { |