The use case is a mount tool: I want to restrict mounting (a unionfs of an r+x dir plus a squashfs) to files owned by the caller.
I know about fusefs, but I’d like to use overlayfs and squashfs in the kernel.
Answer
So long as you haven’t called setuid() or setreuid() yet, you can use getuid() to get the user ID of the user that executed your program. Once you’ve done that, you can use stat() to get the owner of a file.
Alternatively, you can use the access() system call to check whether the user can read, write, and/or execute a specified path. access() uses the real user ID, not the effective user ID, so it will not use root’s permissions to perform this access check.
In either case, take care that you do not introduce a time-of-check/time-of-use (TOCTOU) vulnerability in this check. Remember, the object pointed to by a path may change at any time, even while your application is running. Symbolic links are a particular hazard here!
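The following is an added example illustrating the answer above; it is not code from the question or the answer. It shows the racy stat()-then-open() pattern the answer warns about next to a hardened version that opens the path with O_NOFOLLOW, applies the ownership check to the open descriptor with fstat() and getuid(), and hands back that descriptor so later work (mounting, reading) uses the object that was actually checked. The function names, the temporary file names in run_selftest(), and the choice of EPERM for "not yours" are assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* The pattern to avoid: stat() on the path, then open() on the same path.
 * Between the two calls the path can be re-pointed (rename, symlink swap)
 * at an object the caller does not own, so the check and the use disagree. */
int open_racy(const char *path)
{
    struct stat st;
    if (stat(path, &st) < 0 || !S_ISREG(st.st_mode) || st.st_uid != getuid()) {
        errno = EPERM;
        return -1;
    }
    return open(path, O_RDONLY);   /* may now open something else entirely */
}

/* Hardened version: open first, then check the descriptor. Returns an fd on
 * success, or -1 with errno set. getuid() is the *real* uid, i.e. the user
 * who ran this (possibly setuid) helper, as long as setuid()/setreuid() has
 * not been called yet. O_NOFOLLOW makes a symlink in the last component fail
 * with ELOOP instead of being silently followed. */
int open_if_owned_by_caller(const char *path)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;                 /* ENOENT, EACCES, ELOOP (symlink), ... */

    struct stat st;
    if (fstat(fd, &st) < 0) {      /* checks the object we hold, not the path */
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    if (!S_ISREG(st.st_mode) || st.st_uid != getuid()) {
        close(fd);
        errno = EPERM;             /* assumption: report "not yours" as EPERM */
        return -1;
    }
    return fd;                     /* caller uses this fd, never the path again */
}

/* Self-check on constructed files in a fresh temporary directory. Returns 0
 * on success, or the number of the first expectation that failed. */
int run_selftest(void)
{
    char dir[] = "/tmp/ownchk.XXXXXX";
    char file[64], link[64];
    int rc = 0, fd;

    if (mkdtemp(dir) == NULL)
        return 1;
    snprintf(file, sizeof file, "%s/owned.sqfs", dir);   /* constructed name */
    snprintf(link, sizeof link, "%s/alias", dir);        /* constructed name */

    fd = open(file, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) { rc = 2; goto out; }
    close(fd);

    /* 3: a regular file we own is accepted */
    fd = open_if_owned_by_caller(file);
    if (fd < 0) { rc = 3; goto out; }
    close(fd);

    /* 5: a symlink to that same file is refused with ELOOP */
    if (symlink(file, link) < 0) { rc = 4; goto out; }
    if (open_if_owned_by_caller(link) != -1 || errno != ELOOP) { rc = 5; goto out; }

    /* 6: a directory is refused even though we own it (not S_ISREG) */
    if (open_if_owned_by_caller(dir) != -1) { rc = 6; goto out; }

out:
    unlink(link);
    unlink(file);
    rmdir(dir);
    return rc;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s FILE\n", argv[0]);
        return 2;
    }
    int fd = open_if_owned_by_caller(argv[1]);
    if (fd < 0) {
        perror(argv[1]);
        return 1;
    }
    printf("%s is a regular file owned by uid %u; continue with fd %d\n",
           argv[1], (unsigned)getuid(), fd);
    close(fd);
    return 0;
}
```

Whatever the tool does next should consume the returned descriptor (for example by referring to it through its fd-based interfaces) rather than re-resolving the path string; re-opening by name would reintroduce exactly the window the fstat() check closed. The self-test cannot exercise the "owned by someone else" branch without a second user, so that case is covered only by the st_uid comparison.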