New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Perform checks to ensure that we're not descending into ourself. #125

Merged
merged 1 commit into from Nov 15, 2015

Conversation

Projects
None yet
3 participants
@wdoekes
Copy link
Contributor

wdoekes commented Nov 12, 2015

It's possible to mount this filesystem in a descendant of the real
(source) filesystem. For instance, one could do this:

encfs --reverse / /home/encrypted/rootfs

At that point, all files in / (like /root/.bashrc) are also in
/home/encrypted/rootfs (like /home/encrypted/rootfs/root/.bashrc).

This can be useful when you want to export an encrypted copy of the
filesystem: the remote backup machine can fetch any file, but all files
will be encrypted.

However, the mountpoint itself is also there:

/home/encrypted/rootfs/home/encrypted/rootfs

This would cause a find / of the filesystem to take infinite time. And
what's worse; trying to read files from there would cause the filesystem
to lock up:

cat /home/encrypted/rootfs/home/encrypted/rootfs/root/.bashrc
(infinite hang)

This patch adds an extra check so the filesystem refuses to descend into
itself.

@rfjakob

This comment has been minimized.

Copy link
Collaborator

rfjakob commented Nov 12, 2015

Looks like a good idea! I have added a few comments to your patch ( https://github.com/ossobv/encfs/commit/6d9f16f1da68caea4e58e55d333464d633d0b230 ) .

Perform checks to ensure that we're not descending into ourself.
It's possible to mount this filesystem in a descendant of the real
(source) filesystem. For instance, one could do this:

    encfs --reverse / /home/encrypted/rootfs

At that point, all files in `/` (like `/root/.bashrc`) are also in
`/home/encrypted/rootfs` (like `/home/encrypted/rootfs/root/.bashrc`).

This can be useful when you want to export an encrypted copy of the
filesystem: the remote backup machine can fetch any file, but all files
will be encrypted.

However, the mountpoint itself is also there:

    /home/encrypted/rootfs/home/encrypted/rootfs

This would cause a `find /` of the filesystem to take infinite time. And
what's worse; trying to read files from there would cause the filesystem
to lock up:

    cat /home/encrypted/rootfs/home/encrypted/rootfs/root/.bashrc
    (infinite hang)

This patch adds an extra check so the filesystem refuses to descend into
itself.
@wdoekes

This comment has been minimized.

Copy link
Contributor Author

wdoekes commented Nov 12, 2015

Thanks for the review! Updated with the requested changes.

@rfjakob

This comment has been minimized.

Copy link
Collaborator

rfjakob commented Nov 12, 2015

Looks good now! @vgough OK with merging this?

@vgough

This comment has been minimized.

Copy link
Owner

vgough commented Nov 15, 2015

lgtm, thanks.

vgough added a commit that referenced this pull request Nov 15, 2015

Merge pull request #125 from ossobv/wjd-refuse_descent_into_own_mount…
…point

Perform checks to ensure that we're not descending into ourself.

@vgough vgough merged commit a461d88 into vgough:master Nov 15, 2015

1 check passed

ci/circleci Your tests passed on CircleCI!
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment