make sure idmap files aren't writable by others

otherwise, other local users could change the mapping, and gain access to things they shouldn't
2012-02-17 11:35:15 -05:00 · 2012-02-17 11:35:15 -05:00 · eb60e2d1a2
parent 0d34c7b742
commit eb60e2d1a2
2 changed files with 22 additions and 0 deletions
--- a/6
+++ b/6
@ -1,3 +1,9 @@
+2012-03-08  Miklos Szeredi <miklos@szeredi.hu>
+
+	* Make sure idmap files aren't writable by others otherwise, other
+	local users could change the mapping, and gain access to things
+	they shouldn't.  Patch by Mike Kelly
+
 2012-02-08  Chris Wolfe <cwolfe@chromium.org>

 	* Add -o slave. This option routes the sftp communication over stdin
--- a/sshfs.c
+++ b/sshfs.c
@ -3696,6 +3696,7 @@ static void read_id_map(char *file, uint32_t *(*map_fn)(char *),
 	FILE *fp;
 	char line[LINE_MAX];
 	unsigned int lineno = 0;
+	uid_t local_uid = getuid();

 	fp = fopen(file, "r");
 	if (fp == NULL) {
@ -3703,6 +3704,21 @@ static void read_id_map(char *file, uint32_t *(*map_fn)(char *),
 				file, strerror(errno));
 		exit(1);
 	}
+	struct stat st;
+	if (fstat(fileno(fp), &st) == -1) {
+		fprintf(stderr, "failed to stat '%s': %s\n", file,
+				strerror(errno));
+		exit(1);
+	}
+	if (st.st_uid != local_uid) {
+		fprintf(stderr, "'%s' is not owned by uid %lu\n", file,
+				(unsigned long)local_uid);
+		exit(1);
+	}
+	if (st.st_mode & S_IWGRP || st.st_mode & S_IWOTH) {
+		fprintf(stderr, "'%s' is writable by other users\n", file);
+		exit(1);
+	}

 	while (fgets(line, LINE_MAX, fp) != NULL) {
 		lineno++;