From e0f10e25171d347bc47ae04bbce7cd014ee9ea92 Mon Sep 17 00:00:00 2001
From: Ben RUBSON <ben.rubson@gmail.com>
Date: Sun, 1 Oct 2017 21:44:17 +0200
Subject: [PATCH] Correctly use setgid/setuid with allow_other

- use these functions in the correct order ;
- correctly check for their return code.
This helps to correct #398.
---
 encfs/DirNode.cpp  | 16 +++++++++++++---
 encfs/FileNode.cpp | 16 ++++++++--------
 encfs/encfs.h      |  6 ++----
 3 files changed, 23 insertions(+), 15 deletions(-)

diff --git a/encfs/DirNode.cpp b/encfs/DirNode.cpp
index 00b60bf..bcc55b6 100644
--- a/encfs/DirNode.cpp
+++ b/encfs/DirNode.cpp
@@ -501,11 +501,21 @@ int DirNode::mkdir(const char *plaintextPath, mode_t mode, uid_t uid,
   // if uid or gid are set, then that should be the directory owner
   int olduid = -1;
   int oldgid = -1;
-  if (uid != 0) {
-    olduid = setfsuid(uid);
-  }
   if (gid != 0) {
     oldgid = setfsgid(gid);
+    if (oldgid == -1) {
+      int eno = errno;
+      RLOG(DEBUG) << "setfsgid error: " << strerror(eno);
+      return -EPERM;
+    }
+  }
+  if (uid != 0) {
+    olduid = setfsuid(uid);
+    if (olduid == -1) {
+      int eno = errno;
+      RLOG(DEBUG) << "setfsuid error: " << strerror(eno);
+      return -EPERM;
+    }
   }
 
   int res = ::mkdir(cyName.c_str(), mode);
diff --git a/encfs/FileNode.cpp b/encfs/FileNode.cpp
index 64ae8af..bbe4129 100644
--- a/encfs/FileNode.cpp
+++ b/encfs/FileNode.cpp
@@ -154,14 +154,6 @@ int FileNode::mknod(mode_t mode, dev_t rdev, uid_t uid, gid_t gid) {
   int res;
   int olduid = -1;
   int oldgid = -1;
-  if (uid != 0) {
-    olduid = setfsuid(uid);
-    if (olduid == -1) {
-      int eno = errno;
-      RLOG(DEBUG) << "setfsuid error: " << strerror(eno);
-      return -EPERM;
-    }
-  }
   if (gid != 0) {
     oldgid = setfsgid(gid);
     if (oldgid == -1) {
@@ -170,6 +162,14 @@ int FileNode::mknod(mode_t mode, dev_t rdev, uid_t uid, gid_t gid) {
       return -EPERM;
     }
   }
+  if (uid != 0) {
+    olduid = setfsuid(uid);
+    if (olduid == -1) {
+      int eno = errno;
+      RLOG(DEBUG) << "setfsuid error: " << strerror(eno);
+      return -EPERM;
+    }
+  }
 
   /*
    * cf. xmp_mknod() in fusexmp.c
diff --git a/encfs/encfs.h b/encfs/encfs.h
index 28b7709..31e03d0 100644
--- a/encfs/encfs.h
+++ b/encfs/encfs.h
@@ -41,8 +41,7 @@ static __inline int setfsuid(uid_t uid) {
   uid_t olduid = geteuid();
 
   if (seteuid(uid) != 0) {
-    int eno = errno;
-    VLOG(1) << "seteuid error: " << strerror(eno);
+    return -1;
   }
 
   return olduid;
@@ -52,8 +51,7 @@ static __inline int setfsgid(gid_t gid) {
   gid_t oldgid = getegid();
 
   if (setegid(gid) != 0) {
-    int eno = errno;
-    VLOG(1) << "setfsgid error: " << strerror(eno);
+    return -1;
   }
 
   return oldgid;