| Age | Commit message (Collapse) | Author |
|---|
|
If the user has set a restrictive umask, e.g. 0077, then
/etc/fscrypt.conf would be created without the world-readable bit set.
Fix it by overriding the umask when creating the file.
Resolves https://github.com/google/fscrypt/issues/151
|
|
filesystem: allow .fscrypt to be a symlink
|
|
This makes it easier to understand which code is actually invoked by the
command-line tool.
|
|
Support the case where the user has a read-only root filesystem (e.g.
with OSTree) and had previously created a symlink /.fscrypt pointing to
a writable location, so that login protectors can be created there.
Resolves https://github.com/google/fscrypt/issues/131
|
|
Make the global setup command also create the metadata directory at
/.fscrypt, since that's where login protectors are placed, even when the
actual encrypted directories are on a different filesystem.
Resolves https://github.com/google/fscrypt/issues/129
|
|
Also add go version attrubute to go.mod
|
|
Show the encryption options when running 'fscrypt status' on a
directory. E.g.:
Policy: 490515286453d3f7
Options: padding:32 contents:Adiantum filenames:Adiantum
Unlocked: Yes
|
|
* filesystem: ensure data is persisted before returning success
Sync the temporary file before renaming it, to ensure that after a
crash, the destination file isn't zero-length or otherwise incomplete.
Also sync the directory after the rename, to ensure the rename has been
persisted before returning success.
* filesystem: don't use fixed temporary file name
Using a fixed temporary file name in a world-writable sticky directory
is problematic since another user can create the file first.
Use ioutil.TempFile() to do it properly. It uses O_EXCL under the hood
to ensure the file is newly created.
|
|
These were found by a combination of manual review and a custom script
that checks for common errors.
Also removed an outdated sentence from the comment for setupBefore().
|
|
Add the tags file to .gitignore, for developers using
https://github.com/jstemmer/gotags.
|
|
Fix 'make format'-related CI failure
|
|
This fixes a CI failure, caused by goimports changing how it formats the
imports.
|
|
Due to a goimports update, 'make format' is now changing metadata.pb.go.
But this fix can't be committed because this file is generated by
'make gen'.
Fix this by not formatting generated files.
|
|
Resolves https://github.com/google/fscrypt/issues/124
|
|
Resolves https://github.com/google/fscrypt/issues/117
Resolves https://github.com/google/fscrypt/issues/127
|
|
Resolves https://github.com/google/fscrypt/issues/58
|
|
Resolves https://github.com/google/fscrypt/issues/132
|
|
Fixes CI issues
|
|
Install pam modules/configs to the right location
|
|
|
|
Per the FHS, manually installed programs should go under /usr/local.
This change also makes it easier to change the global installation
prefix. For example, package managers should set PREFIX=/usr
|
|
Add support for the Adiantum encryption mode
|
|
Makefile: migrate from megacheck to staticcheck
|
|
This fixes travis issues as well as moving us off of deprecated tooling
|
|
Add Adiantum support to the fscrypt userspace tool. Supported in the
kernel since v5.0-rc1, Adiantum is a length-preserving encryption mode
based primarily on XChaCha12. It is fast even on CPUs without AES
instructions. Unlike XTS it is also a wide-block encryption mode.
Adiantum is supported for both contents and filenames encryption.
For Adiantum encryption policies, also make the fscrypt tool provide the
new DIRECT_KEY flag, which further improves performance by requesting
that all files be encrypted directly with the policy key. This takes
advantage of Adiantum's support for long tweaks.
See the kernel commit "fscrypt: add Adiantum support"
(https://git.kernel.org/torvalds/c/8094c3ceb21ad938) for more details.
|
|
Makefile: use a specific protoc-gen-go version
|
|
'make gen' no longer works because it uses the git version of
protoc-gen-go, which is no longer compatible with the latest released
version of github.com/golang/protobuf/proto, which we're using. Freeze
the protoc-gen-go version so that it keeps working.
|
|
README: fix "Debain" typo
|
|
|
|
feat(spell-check): add make command for spell check.
|
|
* Remove spelling mistakes in the repository
* Add travis script to check for typos.
* Add command to Makefile to check for typos.
* Fixes #71
|
|
Use Go Modules and support Go 1.11 building
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Release: v0.2.4
|
|
|
|
Cleanup privilege dropping/raising in pam_fscrypt
|
|
|
|
This change makes sure that, when we set the ruid and euid in order to
get the user keyring linked into the current process keyring, we will
always be able to reverse these changes (using a suid of 0).
This fixes an issue where "su <user>" would result in a system error
when called by an unprivileged user. It also explains exactly how and
why we are making these privilege changes.
|
|
This change makes sure after dropping then elevating privileges for a
process, the euid, guid, and groups are all the same as they were
originally. This significantly simplifies the privilege logic.
This fixes CVE-2018-6558, which allowed an unprivleged user to gain
membership in the root group (gid 0) due to the groups not being
properly reset in the process.
|
|
Fix Travis to only use Go 1.10
|
|
|
