filesystem: validate size and type of metadata files

Don't allow reading metadata files that are very large, as they can
crash the program due to the memory required.  Similarly, don't allow
reading metadata files that aren't regular files, such as FIFOs, or
symlinks (which could point to a device node like /dev/zero), as that
can hang the program.  Both issues were particularly problematic for
pam_fscrypt, as they could prevent users from being able to log in.

Note: these checks are arguably unneeded if we strictly check the file
ownership too, which a later commit will do.  But there's no reason not
to do these basic checks too.

0 files changed, 0 insertions, 0 deletions