Merge pull request #346 from google/fixes

Metadata validation and other security improvements
author: Eric Biggers <ebiggers@google.com> 2022-02-23 12:44:31 -0800
committer: GitHub <noreply@github.com> 2022-02-23 12:44:31 -0800
commit: 91aa3ebf42032ca783c41f9ec25d885875f66ddb (patch)
tree: 9b4ccbb0ab0a8742e1def7a02dbe076990cdb237 /actions/recovery.go
parent: 1ab74f59b52ec244fee003effa8415c6c4038a54 (diff)
parent: 97700817e737eabf45033cdb4a42fa5c6e74f877 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/actions/recovery.go b/actions/recovery.go
index f533906..8a769cc 100644
--- a/actions/recovery.go
+++ b/actions/recovery.go
@@ -25,6 +25,7 @@ import (
 
 	"github.com/google/fscrypt/crypto"
 	"github.com/google/fscrypt/metadata"
+	"github.com/google/fscrypt/util"
 )
 
 // modifiedContextWithSource returns a copy of ctx with the protector source
@@ -66,7 +67,7 @@ func AddRecoveryPassphrase(policy *Policy, dirname string) (*crypto.Key, *Protec
 		if seq != 1 {
 			name += " (" + strconv.Itoa(seq) + ")"
 		}
-		recoveryProtector, err = CreateProtector(customCtx, name, getPassphraseFn)
+		recoveryProtector, err = CreateProtector(customCtx, name, getPassphraseFn, policy.ownerIfCreating)
 		if err == nil {
 			break
 		}
@@ -121,5 +122,10 @@ It is safe to keep it around though, as the recovery passphrase is high-entropy.
 	if _, err = file.WriteString(str); err != nil {
 		return err
 	}
+	if recoveryProtector.ownerIfCreating != nil {
+		if err = util.Chown(file, recoveryProtector.ownerIfCreating); err != nil {
+			return err
+		}
+	}
 	return file.Sync()
 }
author	Eric Biggers <ebiggers@google.com>	2022-02-23 12:44:31 -0800
committer	GitHub <noreply@github.com>	2022-02-23 12:44:31 -0800
commit	91aa3ebf42032ca783c41f9ec25d885875f66ddb (patch)
tree	9b4ccbb0ab0a8742e1def7a02dbe076990cdb237 /actions/recovery.go
parent	1ab74f59b52ec244fee003effa8415c6c4038a54 (diff)
parent	97700817e737eabf45033cdb4a42fa5c6e74f877 (diff)