diff options
author | netblue30 <netblue30@yahoo.com> | 2018-08-11 08:53:05 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2018-08-11 08:53:05 -0400 |
commit | a535609f5b6f4f6357219630f2da485d4aefb9d9 (patch) | |
tree | d4b1e9d2c6f6eb8799bd9346316b149646c512cc | |
parent | xdg macro: silence resolve messages unless arg_debug (diff) | |
download | firejail-a535609f5b6f4f6357219630f2da485d4aefb9d9.tar.gz firejail-a535609f5b6f4f6357219630f2da485d4aefb9d9.tar.zst firejail-a535609f5b6f4f6357219630f2da485d4aefb9d9.zip |
release 0.9.56~rc1 testing
-rw-r--r-- | RELNOTES | 4 | ||||
-rwxr-xr-x | configure | 18 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | src/floader/README.md | 7 | ||||
-rw-r--r-- | src/floader/loader.c | 161 | ||||
-rw-r--r-- | src/floader/makefile | 5 | ||||
-rwxr-xr-x | test/blacklist-link.exp | 82 | ||||
-rwxr-xr-x | test/blacklist.exp | 75 | ||||
-rw-r--r-- | test/blacklist1.profile | 1 | ||||
-rw-r--r-- | test/blacklist2.profile | 1 | ||||
-rw-r--r-- | test/blacklist3.profile | 1 |
11 files changed, 12 insertions, 345 deletions
@@ -1,4 +1,4 @@ | |||
1 | firejail (0.9.55) baseline; urgency=low | 1 | firejail (0.9.56~rc1) baseline; urgency=low |
2 | * work in progress | 2 | * work in progress |
3 | * modif: removed CFG_CHROOT_DESKTOP configuration option | 3 | * modif: removed CFG_CHROOT_DESKTOP configuration option |
4 | * modif: removed compile time --enable-network=restricted | 4 | * modif: removed compile time --enable-network=restricted |
@@ -16,7 +16,7 @@ firejail (0.9.55) baseline; urgency=low | |||
16 | * new profiles: ms-skype, ms-word, riot-desktop, gnome-mpv, snox, gradio, | 16 | * new profiles: ms-skype, ms-word, riot-desktop, gnome-mpv, snox, gradio, |
17 | * new profiles: standardnotes-desktop, shellcheck, patch, flameshot, | 17 | * new profiles: standardnotes-desktop, shellcheck, patch, flameshot, |
18 | * new profiles: rview, rvim, vimcat, vimdiff, vimpager, vimtutor, xxd | 18 | * new profiles: rview, rvim, vimcat, vimdiff, vimpager, vimtutor, xxd |
19 | -- netblue30 <netblue30@yahoo.com> Fri, 25 May 2018 08:00:00 -0500 | 19 | -- netblue30 <netblue30@yahoo.com> Sat, 11 Aug 2018 08:00:00 -0500 |
20 | 20 | ||
21 | firejail (0.9.54) baseline; urgency=low | 21 | firejail (0.9.54) baseline; urgency=low |
22 | * modif: --force removed | 22 | * modif: --force removed |
@@ -1,6 +1,6 @@ | |||
1 | #! /bin/sh | 1 | #! /bin/sh |
2 | # Guess values for system-dependent variables and create Makefiles. | 2 | # Guess values for system-dependent variables and create Makefiles. |
3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.55. | 3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.56~rc1. |
4 | # | 4 | # |
5 | # Report bugs to <netblue30@yahoo.com>. | 5 | # Report bugs to <netblue30@yahoo.com>. |
6 | # | 6 | # |
@@ -580,8 +580,8 @@ MAKEFLAGS= | |||
580 | # Identity of this package. | 580 | # Identity of this package. |
581 | PACKAGE_NAME='firejail' | 581 | PACKAGE_NAME='firejail' |
582 | PACKAGE_TARNAME='firejail' | 582 | PACKAGE_TARNAME='firejail' |
583 | PACKAGE_VERSION='0.9.55' | 583 | PACKAGE_VERSION='0.9.56~rc1' |
584 | PACKAGE_STRING='firejail 0.9.55' | 584 | PACKAGE_STRING='firejail 0.9.56~rc1' |
585 | PACKAGE_BUGREPORT='netblue30@yahoo.com' | 585 | PACKAGE_BUGREPORT='netblue30@yahoo.com' |
586 | PACKAGE_URL='https://firejail.wordpress.com' | 586 | PACKAGE_URL='https://firejail.wordpress.com' |
587 | 587 | ||
@@ -1277,7 +1277,7 @@ if test "$ac_init_help" = "long"; then | |||
1277 | # Omit some internal or obsolete options to make the list less imposing. | 1277 | # Omit some internal or obsolete options to make the list less imposing. |
1278 | # This message is too long to be a string in the A/UX 3.1 sh. | 1278 | # This message is too long to be a string in the A/UX 3.1 sh. |
1279 | cat <<_ACEOF | 1279 | cat <<_ACEOF |
1280 | \`configure' configures firejail 0.9.55 to adapt to many kinds of systems. | 1280 | \`configure' configures firejail 0.9.56~rc1 to adapt to many kinds of systems. |
1281 | 1281 | ||
1282 | Usage: $0 [OPTION]... [VAR=VALUE]... | 1282 | Usage: $0 [OPTION]... [VAR=VALUE]... |
1283 | 1283 | ||
@@ -1339,7 +1339,7 @@ fi | |||
1339 | 1339 | ||
1340 | if test -n "$ac_init_help"; then | 1340 | if test -n "$ac_init_help"; then |
1341 | case $ac_init_help in | 1341 | case $ac_init_help in |
1342 | short | recursive ) echo "Configuration of firejail 0.9.55:";; | 1342 | short | recursive ) echo "Configuration of firejail 0.9.56~rc1:";; |
1343 | esac | 1343 | esac |
1344 | cat <<\_ACEOF | 1344 | cat <<\_ACEOF |
1345 | 1345 | ||
@@ -1445,7 +1445,7 @@ fi | |||
1445 | test -n "$ac_init_help" && exit $ac_status | 1445 | test -n "$ac_init_help" && exit $ac_status |
1446 | if $ac_init_version; then | 1446 | if $ac_init_version; then |
1447 | cat <<\_ACEOF | 1447 | cat <<\_ACEOF |
1448 | firejail configure 0.9.55 | 1448 | firejail configure 0.9.56~rc1 |
1449 | generated by GNU Autoconf 2.69 | 1449 | generated by GNU Autoconf 2.69 |
1450 | 1450 | ||
1451 | Copyright (C) 2012 Free Software Foundation, Inc. | 1451 | Copyright (C) 2012 Free Software Foundation, Inc. |
@@ -1747,7 +1747,7 @@ cat >config.log <<_ACEOF | |||
1747 | This file contains any messages produced by compilers while | 1747 | This file contains any messages produced by compilers while |
1748 | running configure, to aid debugging if configure makes a mistake. | 1748 | running configure, to aid debugging if configure makes a mistake. |
1749 | 1749 | ||
1750 | It was created by firejail $as_me 0.9.55, which was | 1750 | It was created by firejail $as_me 0.9.56~rc1, which was |
1751 | generated by GNU Autoconf 2.69. Invocation command line was | 1751 | generated by GNU Autoconf 2.69. Invocation command line was |
1752 | 1752 | ||
1753 | $ $0 $@ | 1753 | $ $0 $@ |
@@ -4395,7 +4395,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | |||
4395 | # report actual input values of CONFIG_FILES etc. instead of their | 4395 | # report actual input values of CONFIG_FILES etc. instead of their |
4396 | # values after options handling. | 4396 | # values after options handling. |
4397 | ac_log=" | 4397 | ac_log=" |
4398 | This file was extended by firejail $as_me 0.9.55, which was | 4398 | This file was extended by firejail $as_me 0.9.56~rc1, which was |
4399 | generated by GNU Autoconf 2.69. Invocation command line was | 4399 | generated by GNU Autoconf 2.69. Invocation command line was |
4400 | 4400 | ||
4401 | CONFIG_FILES = $CONFIG_FILES | 4401 | CONFIG_FILES = $CONFIG_FILES |
@@ -4449,7 +4449,7 @@ _ACEOF | |||
4449 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | 4449 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 |
4450 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" | 4450 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" |
4451 | ac_cs_version="\\ | 4451 | ac_cs_version="\\ |
4452 | firejail config.status 0.9.55 | 4452 | firejail config.status 0.9.56~rc1 |
4453 | configured by $0, generated by GNU Autoconf 2.69, | 4453 | configured by $0, generated by GNU Autoconf 2.69, |
4454 | with options \\"\$ac_cs_config\\" | 4454 | with options \\"\$ac_cs_config\\" |
4455 | 4455 | ||
diff --git a/configure.ac b/configure.ac index 1b1b48ce2..8c6459335 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -1,5 +1,5 @@ | |||
1 | AC_PREREQ([2.68]) | 1 | AC_PREREQ([2.68]) |
2 | AC_INIT(firejail, 0.9.55, netblue30@yahoo.com, , https://firejail.wordpress.com) | 2 | AC_INIT(firejail, 0.9.56~rc1, netblue30@yahoo.com, , https://firejail.wordpress.com) |
3 | AC_CONFIG_SRCDIR([src/firejail/main.c]) | 3 | AC_CONFIG_SRCDIR([src/firejail/main.c]) |
4 | #AC_CONFIG_HEADERS([config.h]) | 4 | #AC_CONFIG_HEADERS([config.h]) |
5 | 5 | ||
diff --git a/src/floader/README.md b/src/floader/README.md deleted file mode 100644 index c1e14b2a6..000000000 --- a/src/floader/README.md +++ /dev/null | |||
@@ -1,7 +0,0 @@ | |||
1 | READ ME | ||
2 | ------- | ||
3 | |||
4 | * Run 'make' | ||
5 | * Add comma separated process names to ~/.loader.conf | ||
6 | * export LD_PRELOAD=<path>./loader.so (ideally to .bashrc) | ||
7 | * Run any application within shell | ||
diff --git a/src/floader/loader.c b/src/floader/loader.c deleted file mode 100644 index b9844fa9b..000000000 --- a/src/floader/loader.c +++ /dev/null | |||
@@ -1,161 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2017-2018 Madura A. (madura.x86@gmail.com) | ||
3 | * | ||
4 | */ | ||
5 | #include <sys/types.h> | ||
6 | #include <sys/stat.h> | ||
7 | #include <sys/mman.h> | ||
8 | #include <fcntl.h> | ||
9 | #include <unistd.h> | ||
10 | |||
11 | #include <string.h> | ||
12 | #include <stdio.h> | ||
13 | #include <stdlib.h> | ||
14 | #include <ctype.h> | ||
15 | |||
16 | #define MAX_MATCHES 32 | ||
17 | #define MAX_ARGS 1024 | ||
18 | #define MAX_ARGS_LEN 4096 | ||
19 | static void loader_main() __attribute__((constructor)); | ||
20 | |||
21 | char cmdline[MAX_ARGS_LEN]; | ||
22 | char *args[MAX_ARGS]; | ||
23 | char loader[] = "firejail"; | ||
24 | char confFile[256]; | ||
25 | char *names[MAX_MATCHES]; | ||
26 | |||
27 | #ifdef DEBUG | ||
28 | #define DBG printf | ||
29 | #else | ||
30 | #define DBG | ||
31 | #endif | ||
32 | void remove_trailing_spaces(char *str) | ||
33 | { | ||
34 | while (!isspace(*str)) | ||
35 | { | ||
36 | str++; | ||
37 | } | ||
38 | |||
39 | while (*str != '\0') | ||
40 | { | ||
41 | *str = '\0'; | ||
42 | str++; | ||
43 | } | ||
44 | } | ||
45 | |||
46 | void read_cmdline() | ||
47 | { | ||
48 | int fd = open("/proc/self/cmdline", O_RDONLY); | ||
49 | ssize_t ret = 0, total = 0; | ||
50 | char* wcmdbuf = cmdline; | ||
51 | while ((ret = read(fd, wcmdbuf, 1)) != 0) | ||
52 | { | ||
53 | wcmdbuf++; | ||
54 | total += ret; | ||
55 | if (total > MAX_ARGS_LEN) | ||
56 | { | ||
57 | printf("Not enough memory\n"); | ||
58 | close(fd); | ||
59 | return ; | ||
60 | } | ||
61 | } | ||
62 | close(fd); | ||
63 | } | ||
64 | |||
65 | void make_args() | ||
66 | { | ||
67 | int cI = 0, argI=0; | ||
68 | char* argstart = &cmdline[0]; | ||
69 | for (;cI<MAX_ARGS_LEN;cI++) | ||
70 | { | ||
71 | if (cmdline[cI] == '\0') | ||
72 | { | ||
73 | args[argI]= argstart; | ||
74 | argstart = &cmdline[cI+1]; | ||
75 | argI++; | ||
76 | if (*argstart == '\0') | ||
77 | { | ||
78 | break; | ||
79 | } | ||
80 | } | ||
81 | } | ||
82 | args[argI] = argstart; | ||
83 | argI++; | ||
84 | args[argI] = NULL; | ||
85 | } | ||
86 | |||
87 | void loader_main() | ||
88 | { | ||
89 | snprintf(confFile, 255, "%s/.loader.conf", getenv("HOME")); | ||
90 | |||
91 | struct stat confFileStat; | ||
92 | |||
93 | stat(confFile, &confFileStat); | ||
94 | |||
95 | int confFd = open(confFile, O_RDONLY); | ||
96 | |||
97 | if (confFd == -1) | ||
98 | { | ||
99 | close(confFd); | ||
100 | return; | ||
101 | } | ||
102 | char* conf = (char*) malloc(confFileStat.st_size); | ||
103 | if (conf == NULL) | ||
104 | { | ||
105 | close(confFd); | ||
106 | return; | ||
107 | } | ||
108 | ssize_t ret = read(confFd, conf, confFileStat.st_size); | ||
109 | if (ret == -1) | ||
110 | { | ||
111 | close(confFd); | ||
112 | return; | ||
113 | } | ||
114 | |||
115 | close(confFd); | ||
116 | size_t fI = 0; | ||
117 | int matchId = 0; | ||
118 | names[matchId] = conf; | ||
119 | matchId++; | ||
120 | for (;fI < confFileStat.st_size-1;fI++) | ||
121 | { | ||
122 | if (conf[fI] == ',') | ||
123 | { | ||
124 | names[matchId] = &conf[fI+1]; | ||
125 | conf[fI] = '\0'; | ||
126 | |||
127 | matchId++; | ||
128 | } | ||
129 | } | ||
130 | |||
131 | remove_trailing_spaces(names[matchId-1]); | ||
132 | |||
133 | read_cmdline(); | ||
134 | |||
135 | make_args(); | ||
136 | |||
137 | #ifdef DEBUG | ||
138 | int xarg=0; | ||
139 | while (args[xarg] != NULL) | ||
140 | { | ||
141 | DBG(".%s\n", args[xarg]); | ||
142 | xarg++; | ||
143 | } | ||
144 | #endif | ||
145 | |||
146 | int x; | ||
147 | |||
148 | for (x = 0;x<matchId;x++) | ||
149 | { | ||
150 | DBG("%s\n",names[x]); | ||
151 | if (strstr(args[0], names[x]) != NULL) | ||
152 | { | ||
153 | DBG("highjack!\n"); | ||
154 | |||
155 | free(conf); | ||
156 | |||
157 | execvp(loader, args ); | ||
158 | } | ||
159 | } | ||
160 | |||
161 | } | ||
diff --git a/src/floader/makefile b/src/floader/makefile deleted file mode 100644 index eeb96571d..000000000 --- a/src/floader/makefile +++ /dev/null | |||
@@ -1,5 +0,0 @@ | |||
1 | all: | ||
2 | gcc -ggdb -shared -fPIC loader.c -o loader.so | ||
3 | |||
4 | debug: | ||
5 | gcc -ggdb -shared -DDEBUG -fPIC loader.c -o loader.so | ||
diff --git a/test/blacklist-link.exp b/test/blacklist-link.exp deleted file mode 100755 index 4252f875a..000000000 --- a/test/blacklist-link.exp +++ /dev/null | |||
@@ -1,82 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | # blacklist a directory symlink | ||
8 | send -- "firejail --blacklist=auto2\r" | ||
9 | expect { | ||
10 | timeout {puts "TESTING ERROR 1\n";exit} | ||
11 | "Child process initialized" | ||
12 | } | ||
13 | sleep 1 | ||
14 | |||
15 | send -- "ls auto2\r" | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 2\n";exit} | ||
18 | "cannot open directory" | ||
19 | } | ||
20 | send -- "exit\r" | ||
21 | sleep 1 | ||
22 | |||
23 | # blacklist a directory symlink from a profile file | ||
24 | send -- "firejail --profile=blacklist3.profile\r" | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 3\n";exit} | ||
27 | "Child process initialized" | ||
28 | } | ||
29 | sleep 1 | ||
30 | |||
31 | send -- "ls auto2\r" | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 4\n";exit} | ||
34 | "cannot open directory" | ||
35 | } | ||
36 | send -- "exit\r" | ||
37 | sleep 1 | ||
38 | |||
39 | # do not blacklist /bin | ||
40 | send -- "firejail --blacklist=auto3\r" | ||
41 | expect { | ||
42 | timeout {puts "TESTING ERROR 5\n";exit} | ||
43 | "auto3 directory link was not blacklisted" | ||
44 | } | ||
45 | expect { | ||
46 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
47 | "Child process initialized" | ||
48 | } | ||
49 | sleep 1 | ||
50 | |||
51 | send -- "ls auto3; pwd\r" | ||
52 | expect { | ||
53 | timeout {puts "TESTING ERROR 6\n";exit} | ||
54 | "cannot open directory" {puts "TESTING ERROR 6.1\n";exit} | ||
55 | "home" | ||
56 | } | ||
57 | send -- "exit\r" | ||
58 | sleep 1 | ||
59 | |||
60 | # do not blacklist /usr/bin | ||
61 | send -- "firejail --blacklist=auto3\r" | ||
62 | expect { | ||
63 | timeout {puts "TESTING ERROR 7\n";exit} | ||
64 | "auto3 directory link was not blacklisted" | ||
65 | } | ||
66 | expect { | ||
67 | timeout {puts "TESTING ERROR 7.1\n";exit} | ||
68 | "Child process initialized" | ||
69 | } | ||
70 | sleep 1 | ||
71 | |||
72 | send -- "ls auto3; pwd\r" | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 8\n";exit} | ||
75 | "cannot open directory" {puts "TESTING ERROR 9.1\n";exit} | ||
76 | "home" | ||
77 | } | ||
78 | send -- "exit\r" | ||
79 | sleep 1 | ||
80 | |||
81 | |||
82 | puts "all done\n" | ||
diff --git a/test/blacklist.exp b/test/blacklist.exp deleted file mode 100755 index 9c3dddf1f..000000000 --- a/test/blacklist.exp +++ /dev/null | |||
@@ -1,75 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | # directory with ~ | ||
8 | send -- "firejail --blacklist=~/.config\r" | ||
9 | expect { | ||
10 | timeout {puts "TESTING ERROR 1\n";exit} | ||
11 | "Child process initialized" | ||
12 | } | ||
13 | sleep 1 | ||
14 | |||
15 | send -- "ls -al ~/.config\r" | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 2\n";exit} | ||
18 | "cannot open directory" | ||
19 | } | ||
20 | |||
21 | send -- "exit\r" | ||
22 | sleep 1 | ||
23 | |||
24 | # directory with ~ in profile file | ||
25 | send -- "firejail --profile=blacklist1.profile\r" | ||
26 | expect { | ||
27 | timeout {puts "TESTING ERROR 3\n";exit} | ||
28 | "Child process initialized" | ||
29 | } | ||
30 | sleep 1 | ||
31 | |||
32 | send -- "ls -al ~/.config\r" | ||
33 | expect { | ||
34 | timeout {puts "TESTING ERROR 4\n";exit} | ||
35 | "cannot open directory" | ||
36 | } | ||
37 | |||
38 | send -- "exit\r" | ||
39 | sleep 1 | ||
40 | |||
41 | |||
42 | # directory with space | ||
43 | send -- "firejail \"--blacklist=dir with space\"\r" | ||
44 | expect { | ||
45 | timeout {puts "TESTING ERROR 5\n";exit} | ||
46 | "Child process initialized" | ||
47 | } | ||
48 | sleep 1 | ||
49 | |||
50 | send -- "ls -al \"dir with space\"\r" | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 6\n";exit} | ||
53 | "cannot open directory" | ||
54 | } | ||
55 | |||
56 | send -- "exit\r" | ||
57 | sleep 1 | ||
58 | |||
59 | # directory with space in profile | ||
60 | send -- "firejail --profile=blacklist2.profile\r" | ||
61 | expect { | ||
62 | timeout {puts "TESTING ERROR 7\n";exit} | ||
63 | "Child process initialized" | ||
64 | } | ||
65 | sleep 1 | ||
66 | |||
67 | send -- "ls -al \"dir with space\"\r" | ||
68 | expect { | ||
69 | timeout {puts "TESTING ERROR 8\n";exit} | ||
70 | "cannot open directory" | ||
71 | } | ||
72 | |||
73 | |||
74 | |||
75 | puts "\n" | ||
diff --git a/test/blacklist1.profile b/test/blacklist1.profile deleted file mode 100644 index f12facd05..000000000 --- a/test/blacklist1.profile +++ /dev/null | |||
@@ -1 +0,0 @@ | |||
1 | blacklist ~/.config | ||
diff --git a/test/blacklist2.profile b/test/blacklist2.profile deleted file mode 100644 index 4bb603db2..000000000 --- a/test/blacklist2.profile +++ /dev/null | |||
@@ -1 +0,0 @@ | |||
1 | blacklist dir with space | ||
diff --git a/test/blacklist3.profile b/test/blacklist3.profile deleted file mode 100644 index 08f754f3f..000000000 --- a/test/blacklist3.profile +++ /dev/null | |||
@@ -1 +0,0 @@ | |||
1 | blacklist auto2 | ||