Merge pull request #346 from google/fixes

Metadata validation and other security improvements
author: Eric Biggers <ebiggers@google.com> 2022-02-23 12:44:31 -0800
committer: GitHub <noreply@github.com> 2022-02-23 12:44:31 -0800
commit: 91aa3ebf42032ca783c41f9ec25d885875f66ddb (patch)
tree: 9b4ccbb0ab0a8742e1def7a02dbe076990cdb237 /cmd/fscrypt/protector.go
parent: 1ab74f59b52ec244fee003effa8415c6c4038a54 (diff)
parent: 97700817e737eabf45033cdb4a42fa5c6e74f877 (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/cmd/fscrypt/protector.go b/cmd/fscrypt/protector.go
index ac864dd..186ca7a 100644
--- a/cmd/fscrypt/protector.go
+++ b/cmd/fscrypt/protector.go
@@ -23,6 +23,7 @@ package main
 import (
 	"fmt"
 	"log"
+	"os/user"
 
 	"github.com/google/fscrypt/actions"
 	"github.com/google/fscrypt/filesystem"
@@ -38,7 +39,6 @@ func createProtectorFromContext(ctx *actions.Context) (*actions.Protector, error
 		return nil, err
 	}
 	log.Printf("using source: %s", ctx.Config.Source.String())
-
 	if ctx.Config.Source == metadata.SourceType_pam_passphrase {
 		if userFlag.Value == "" && util.IsUserRoot() {
 			return nil, ErrSpecifyUser
@@ -70,7 +70,11 @@ IMPORTANT: Before continuing, ensure you have properly set up your system for
 		}
 	}
 
-	return actions.CreateProtector(ctx, name, createKeyFn)
+	var owner *user.User
+	if ctx.Config.Source == metadata.SourceType_pam_passphrase && util.IsUserRoot() {
+		owner = ctx.TargetUser
+	}
+	return actions.CreateProtector(ctx, name, createKeyFn, owner)
 }
 
 // selectExistingProtector returns a locked Protector which corresponds to an
author	Eric Biggers <ebiggers@google.com>	2022-02-23 12:44:31 -0800
committer	GitHub <noreply@github.com>	2022-02-23 12:44:31 -0800
commit	91aa3ebf42032ca783c41f9ec25d885875f66ddb (patch)
tree	9b4ccbb0ab0a8742e1def7a02dbe076990cdb237 /cmd/fscrypt/protector.go
parent	1ab74f59b52ec244fee003effa8415c6c4038a54 (diff)
parent	97700817e737eabf45033cdb4a42fa5c6e74f877 (diff)