From e47734baa93bcc46951b851ca392cbfe48a38e72 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jpandre@users.sourceforge.net>
Date: Tue, 8 Feb 2011 13:52:11 +0100
Subject: [PATCH] Denied modifications to metadata files

---
 src/lowntfs-3g.c | 13 +++++++++++++
 src/ntfs-3g.c    | 15 +++++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/src/lowntfs-3g.c b/src/lowntfs-3g.c
index ec9e49c9..1e93bc2b 100644
--- a/src/lowntfs-3g.c
+++ b/src/lowntfs-3g.c
@@ -1274,6 +1274,9 @@ static void ntfs_fuse_open(fuse_req_t req, fuse_ino_t ino,
 				    && (ni->flags & FILE_ATTR_ENCRYPTED))
 					state |= CLOSE_ENCRYPTED;
 #endif /* HAVE_SETXATTR */
+			/* deny opening metadata files for writing */
+				if (ino < FILE_first_user)
+					res = -EPERM;
 			}
 			ntfs_attr_close(na);
 		} else
@@ -1551,6 +1554,11 @@ static int ntfs_fuse_trunc(struct SECURITY_CONTEXT *scx, fuse_ino_t ino,
 	if (!ni)
 		goto exit;
 
+	/* deny truncating metadata files */
+	if (ino < FILE_first_user) {
+		errno = EPERM;
+		goto exit;
+	}
 	na = ntfs_attr_open(ni, AT_DATA, AT_UNNAMED, 0);
 	if (!na)
 		goto exit;
@@ -2158,6 +2166,11 @@ static int ntfs_fuse_rm(fuse_req_t req, fuse_ino_t parent, const char *name)
 		res = -errno;
 		goto exit;
 	}
+	/* deny unlinking metadata files */
+	if (MREF(iref) < FILE_first_user) {
+		res = -EPERM;
+		goto exit;
+	}
 
 	of = ctx->open_files;
 	ino = (fuse_ino_t)MREF(iref);
diff --git a/src/ntfs-3g.c b/src/ntfs-3g.c
index 0a7bd8d0..e099022a 100644
--- a/src/ntfs-3g.c
+++ b/src/ntfs-3g.c
@@ -1220,6 +1220,9 @@ static int ntfs_fuse_open(const char *org_path,
 				    && (ni->flags & FILE_ATTR_ENCRYPTED))
 					fi->fh |= CLOSE_ENCRYPTED;
 #endif /* HAVE_SETXATTR */
+			/* deny opening metadata files for writing */
+				if (ni->mft_no < FILE_first_user)
+					res = -EPERM;
 			}
 			ntfs_attr_close(na);
 		} else
@@ -1431,6 +1434,11 @@ static int ntfs_fuse_trunc(const char *org_path, off_t size,
 	ni = ntfs_pathname_to_inode(ctx->vol, NULL, path);
 	if (!ni)
 		goto exit;
+	/* deny truncating metadata files */
+	if (ni->mft_no < FILE_first_user) {
+		errno = EPERM;
+		goto exit;
+	}
 
 	na = ntfs_attr_open(ni, AT_DATA, stream_name, stream_name_len);
 	if (!na)
@@ -1983,6 +1991,13 @@ static int ntfs_fuse_rm(const char *org_path)
 		res = -errno;
 		goto exit;
 	}
+	/* deny unlinking metadata files */
+	if (ni->mft_no < FILE_first_user) {
+		errno = EPERM;
+		res = -errno;
+		goto exit;
+	}
+
 	/* Generate unicode filename. */
 	name = strrchr(path, '/');
 	name++;