Permalink
Browse files

Also set the read-only option on the server

The read-only option is requested to the remote side, by an sshfs
parameter. Therefore, a (remote) modified sshfs version may ignore the
read-only option, allowing to write to the local path.

To fix this security issue, the server (the local host) must also set
the read-only option if necessary.
  • Loading branch information...
rom1v committed Jun 17, 2014
1 parent 440a357 commit 643f92613b56a8cb9793dce77c003e638d83aed9
Showing with 17 additions and 5 deletions.
  1. +0 −4 README.md
  2. +17 −1 rsshfs
@@ -36,10 +36,6 @@ It is possible to mount it in *read-only* mode:
./rsshfs /local/folder server:/remote/folder -o ro
~~~

**Warning:** The read-only option is requested to the remote side, by an
`sshfs` parameter. Therefore, a modified `sshfs` may ignore the *read-only*
request. So you must trust the remote host.

Contrary to `sshfs`, as `rsshfs` acts as a server, it does not return until the
remote folder is unmounted.

18 rsshfs
@@ -34,11 +34,27 @@ else
# warning: the array will be flatten to a string anyway
qall=$(quote "$@")

# detect sshfs read-only from consecutive args '-o' 'ro'
unset readonly
args=("$@")
for (( i = 1; i < $#; i++ ))
do
if [[ "${args[$i]}" == ro && "${args[(($i-1))]}" == -o ]]
then
readonly=:
break
fi
done

# also set read-only on the server side (the local host)
unset sftpargs
[[ "$readonly" ]] && sftpargs=(-R)

printf "Mounting '$lpath' on '$rhost:$rpath'...\n"
fifo=/tmp/rsshfs-$$
rm -f "$fifo"
mkfifo -m600 "$fifo" &&
< "$fifo" /usr/lib/openssh/sftp-server |
< "$fifo" /usr/lib/openssh/sftp-server "${sftpargs[@]}" |
ssh "$rhost" sshfs -o slave ":$qlpath" "$qrpath" "$qall" > "$fifo"
rm "$fifo"
fi

0 comments on commit 643f926

Please sign in to comment.