authorLibravatar Aleksey Manevich <manevich.aleksey@gmail.com>2016-08-24 19:33:30 +0300
committerLibravatar Aleksey Manevich <manevich.aleksey@gmail.com>2016-08-24 20:07:27 +0300
commit0ee599684c4ca622ca22d09eba565eb07c1a2b12 (patch)
treed60b6544a402e86269be79d44e15c1197d43b54f
parentSET_PERMS macros (diff)
tighten security
-rw-r--r--src/firejail/bandwidth.c15
-rw-r--r--src/firejail/cgroup.c3
-rw-r--r--src/firejail/cpu.c5
-rw-r--r--src/firejail/fs.c9
-rw-r--r--src/firejail/fs_bin.c9
-rw-r--r--src/firejail/fs_dev.c62
-rw-r--r--src/firejail/fs_etc.c8
-rw-r--r--src/firejail/fs_home.c28
-rw-r--r--src/firejail/fs_hostname.c28
-rw-r--r--src/firejail/fs_logger.c6
-rw-r--r--src/firejail/fs_mkdir.c7
11 files changed, 48 insertions, 132 deletions
diff --git a/src/firejail/bandwidth.c b/src/firejail/bandwidth.c
index 5ff67b644..22be5b23c 100644
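--- a/src/firejail/bandwidth.c
+++ b/src/firejail/bandwidth.c
@@ -130,14 +130,8 @@ static void bandwidth_create_run_file(pid_t pid) {
  /* coverity[toctou] */
  FILE *fp = fopen(fname, "w");
  if (fp) {
+ SET_PERMS_STREAM(fp, 0, 0, 0644);
  fclose(fp);
-
- /* coverity[toctou] */
- if (chmod(fname, 0644) == -1)
- errExit("chmod");
- /* coverity[toctou] */
- if (chown(fname, 0, 0) == -1)
- errExit("chown");
  }
  else {
  fprintf(stderr, "Error: cannot create bandwidth file\n");
@@ -180,12 +174,9 @@ void network_set_run_file(pid_t pid) {
  fprintf(fp, "%s:%s\n", cfg.bridge2.dev, cfg.bridge2.devsandbox);
  if (cfg.bridge3.configured)
  fprintf(fp, "%s:%s\n", cfg.bridge3.dev, cfg.bridge3.devsandbox);
- fclose(fp);
 
- if (chmod(fname, 0644) == -1)
- errExit("chmod");
- if (chown(fname, 0, 0) == -1)
- errExit("chown");
+ SET_PERMS_STREAM(fp, 0, 0, 0644);
+ fclose(fp);
  }
  else {
  fprintf(stderr, "Error: cannot create network map file\n");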
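Review bot: In network_set_run_file the `SET_PERMS_STREAM(fp, 0, 0, 0644);` call sits after all the fprintf writes, so from the open until that line the file keeps whatever owner and umask-derived mode it was created with. bandwidth_create_run_file in the first hunk sets permissions directly after `if (fp) {`; moving the call to the same position here would make the two consistent and shorten that window. The same write-then-set order appears in save_cgroup (cgroup.c, after `fflush(0)`), save_cpu (cpu.c, mode 0600) and the three files written in fs_hostname.c. The macro comes from the parent commit and is not visible on this page, so this assumes it wraps fchown/fchmod on the stream's descriptor; the fopen in network_set_run_file is outside the hunk.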
diff --git a/src/firejail/cgroup.c b/src/firejail/cgroup.c
index ebd87f0d2..d9c7af9cf 100644
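--- a/src/firejail/cgroup.c
+++ b/src/firejail/cgroup.c
@@ -30,10 +30,9 @@ void save_cgroup(void) {
  if (fp) {
  fprintf(fp, "%s", cfg.cgroup);
  fflush(0);
+ SET_PERMS_STREAM(fp, 0, 0, 0644);
  if (fclose(fp))
  goto errout;
- if (chown(RUN_CGROUP_CFG, 0, 0) < 0)
- errExit("chown");
  }
  else
  goto errout;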
diff --git a/src/firejail/cpu.c b/src/firejail/cpu.c
index 1802ad5e1..cfb03e5fc 100644
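--- a/src/firejail/cpu.c
+++ b/src/firejail/cpu.c
@@ -78,11 +78,8 @@ void save_cpu(void) {
  FILE *fp = fopen(RUN_CPU_CFG, "w");
  if (fp) {
  fprintf(fp, "%x\n", cfg.cpus);
+ SET_PERMS_STREAM(fp, 0, 0, 0600);
  fclose(fp);
- if (chmod(RUN_CPU_CFG, 0600) < 0)
- errExit("chmod");
- if (chown(RUN_CPU_CFG, 0, 0) < 0)
- errExit("chown");
  }
  else {
  fprintf(stderr, "Error: cannot save cpu affinity mask\n");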
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index 21ab56bd8..27c69d0e1 100644
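--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -60,14 +60,7 @@ static void create_empty_file(void) {
  if (!fp)
  errExit("fopen");
 
- int fd = fileno(fp);
- if (fd == -1)
- errExit("fileno");
- if (fchown(fd, 0, 0) < 0)
- errExit("chown");
- if (fchmod(fd, S_IRUSR) < 0)
- errExit("chown");
-
+ SET_PERMS_STREAM(fp, 0, 0, S_IRUSR);
  fclose(fp);
  }
 }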
diff --git a/src/firejail/fs_bin.c b/src/firejail/fs_bin.c
index 6bd407346..b9d8614d4 100644
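--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -203,14 +203,9 @@ void fs_private_bin_list(void) {
 
  // create /tmp/firejail/mnt/bin directory
  fs_build_mnt_dir();
- int rv = mkdir(RUN_BIN_DIR, 0755);
- if (rv == -1)
+ if (mkdir(RUN_BIN_DIR, 0755) == -1)
  errExit("mkdir");
- if (chown(RUN_BIN_DIR, 0, 0) < 0)
- errExit("chown");
- if (chmod(RUN_BIN_DIR, 0755) < 0)
- errExit("chmod");
-
+ ASSERT_PERMS(RUN_BIN_DIR, 0, 0, 0755);
 
  // copy the list of files in the new etc directory
  // using a new child process without root privileges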
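Review bot: `ASSERT_PERMS(RUN_BIN_DIR, 0, 0, 0755);` after `mkdir(RUN_BIN_DIR, 0755)` makes the result depend on the process umask and effective uid/gid, where the removed chown/chmod pair forced it. mkdir(2) masks the requested mode with the umask, so under a umask stricter than 022 the directory is created narrower than 0755; if the macro is a stat-and-compare as its name suggests (it is defined in the parent commit, not on this page), sandbox setup would stop there. Unless the umask is already fixed earlier in startup, either call `umask(022)` before these mkdirs or keep `chmod(RUN_BIN_DIR, 0755)` ahead of the assertion, as the /dev/shm hunk in fs_dev.c does. The same mkdir-then-assert pattern is in fs_etc.c (RUN_ETC_DIR) and in the RUN_DRI_DIR, RUN_SND_DIR, /dev/snd, /dev/dri and /dev/pts hunks of fs_dev.c.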
diff --git a/src/firejail/fs_dev.c b/src/firejail/fs_dev.c
index c7a27115f..571848dec 100644
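--- a/src/firejail/fs_dev.c
+++ b/src/firejail/fs_dev.c
@@ -32,15 +32,11 @@
 
 static void create_char_dev(const char *path, mode_t mode, int major, int minor) {
  dev_t dev = makedev(major, minor);
- int rv = mknod(path, S_IFCHR | mode, dev);
- if (rv == -1)
+ if (mknod(path, S_IFCHR | mode, dev) == -1)
  goto errexit;
-
-
  if (chmod(path, mode) < 0)
  goto errexit;
- if (chown(path, 0, 0) < 0)
- goto errexit;
+ ASSERT_PERMS(path, 0, 0, mode);
 
  return;
 
@@ -78,14 +74,9 @@ void fs_private_dev(void){
  // create DRI_DIR
  fs_build_mnt_dir();
  if (have_dri) {
- /* coverity[toctou] */
- rv = mkdir(RUN_DRI_DIR, 0755);
- if (rv == -1)
+ if (mkdir(RUN_DRI_DIR, 0755) == -1)
  errExit("mkdir");
- if (chown(RUN_DRI_DIR, 0, 0) < 0)
- errExit("chown");
- if (chmod(RUN_DRI_DIR, 0755) < 0)
- errExit("chmod");
+ ASSERT_PERMS(RUN_DRI_DIR, 0, 0, 0755);
 
  // keep a copy of /dev/dri under DRI_DIR
  if (mount("/dev/dri", RUN_DRI_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
@@ -94,14 +85,9 @@ void fs_private_dev(void){
 
  // create SND_DIR
  if (have_snd) {
- /* coverity[toctou] */
- rv = mkdir(RUN_SND_DIR, 0755);
- if (rv == -1)
+ if (mkdir(RUN_SND_DIR, 0755) == -1)
  errExit("mkdir");
- if (chown(RUN_SND_DIR, 0, 0) < 0)
- errExit("chown");
- if (chmod(RUN_SND_DIR, 0755) < 0)
- errExit("chmod");
+ ASSERT_PERMS(RUN_SND_DIR, 0, 0, 0755);
 
  // keep a copy of /dev/dri under DRI_DIR
  if (mount("/dev/snd", RUN_SND_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
@@ -143,13 +129,9 @@ void fs_private_dev(void){
  // bring back the /dev/snd directory
  if (have_snd) {
  /* coverity[toctou] */
- rv = mkdir("/dev/snd", 0755);
- if (rv == -1)
+ if (mkdir("/dev/snd", 0755) == -1)
  errExit("mkdir");
- if (chown("/dev/snd", 0, 0) < 0)
- errExit("chown");
- if (chmod("/dev/snd",0755) < 0)
- errExit("chmod");
+ ASSERT_PERMS("/dev/snd", 0, 0, 0755);
  if (mount(RUN_SND_DIR, "/dev/snd", NULL, MS_BIND|MS_REC, NULL) < 0)
  errExit("mounting /dev/snd");
  fs_logger("whitelist /dev/snd");
@@ -157,14 +139,9 @@ void fs_private_dev(void){
 
  // bring back the /dev/dri directory
  if (have_dri) {
- /* coverity[toctou] */
- rv = mkdir("/dev/dri", 0755);
- if (rv == -1)
+ if (mkdir("/dev/dri", 0755) == -1)
  errExit("mkdir");
- if (chown("/dev/dri", 0, 0) < 0)
- errExit("chown");
- if (chmod("/dev/dri",0755) < 0)
- errExit("chmod");
+ ASSERT_PERMS("/dev/dri", 0, 0, 0755);
  if (mount(RUN_DRI_DIR, "/dev/dri", NULL, MS_BIND|MS_REC, NULL) < 0)
  errExit("mounting /dev/dri");
  fs_logger("whitelist /dev/dri");
@@ -173,13 +150,12 @@ void fs_private_dev(void){
  // create /dev/shm
  if (arg_debug)
  printf("Create /dev/shm directory\n");
- rv = mkdir("/dev/shm", 01777);
- if (rv == -1)
+ if (mkdir("/dev/shm", 01777) == -1)
  errExit("mkdir");
- if (chown("/dev/shm", 0, 0) < 0)
- errExit("chown");
+ // mkdir sets only the file permission bits
  if (chmod("/dev/shm", 01777) < 0)
  errExit("chmod");
+ ASSERT_PERMS("/dev/shm", 0, 0, 01777);
  fs_logger("mkdir /dev/shm");
 
  // create devices
@@ -201,13 +177,9 @@ void fs_private_dev(void){
 #endif
 
  // pseudo-terminal
- rv = mkdir("/dev/pts", 0755);
- if (rv == -1)
+ if (mkdir("/dev/pts", 0755) == -1)
  errExit("mkdir");
- if (chown("/dev/pts", 0, 0) < 0)
- errExit("chown");
- if (chmod("/dev/pts", 0755) < 0)
- errExit("chmod");
+ ASSERT_PERMS("/dev/pts", 0, 0, 0755);
  fs_logger("mkdir /dev/pts");
  create_char_dev("/dev/pts/ptmx", 0666, 5, 2); //"mknod -m 666 /dev/pts/ptmx c 5 2");
  fs_logger("mknod /dev/pts/ptmx");
@@ -258,10 +230,10 @@ void fs_dev_shm(void) {
  // create directory
  if (mkdir(lnk, 01777))
  errExit("mkdir");
- if (chown(lnk, 0, 0))
- errExit("chown");
+ // mkdir sets only the file permission bits
  if (chmod(lnk, 01777))
  errExit("chmod");
+ ASSERT_PERMS(lnk, 0, 0, 01777);
  }
  if (arg_debug)
  printf("Mounting tmpfs on %s on behalf of /dev/shm\n", lnk);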
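Review bot: The new comment `// mkdir sets only the file permission bits` in the /dev/shm hunk and in fs_dev_shm does not tell a reader why these two directories keep their chmod while every 0755 directory in this file lost it. Wording such as `// mkdir(2) applies the umask and need not honor S_ISVTX, so set 01777 explicitly` would state the reason. In the same file the `/* coverity[toctou] */` marker survives only above the /dev/snd mkdir in the "bring back" hunk and was dropped from the three sibling mkdir calls; it should be kept or removed consistently. The comment `// keep a copy of /dev/dri under DRI_DIR` above the /dev/snd mount is also a leftover from the DRI block.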
diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c
index 6b9a4395b..d5b348ee2 100644
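--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -130,13 +130,9 @@ void fs_private_etc_list(void) {
 
  // create /tmp/firejail/mnt/etc directory
  fs_build_mnt_dir();
- int rv = mkdir(RUN_ETC_DIR, 0755);
- if (rv == -1)
+ if (mkdir(RUN_ETC_DIR, 0755) == -1)
  errExit("mkdir");
- if (chown(RUN_ETC_DIR, 0, 0) < 0)
- errExit("chown");
- if (chmod(RUN_ETC_DIR, 0755) < 0)
- errExit("chmod");
+ ASSERT_PERMS(RUN_ETC_DIR, 0, 0, 0755);
  fs_logger("tmpfs /etc");
 
  fs_logger_print(); // save the current log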
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c
index 75d69e021..85fa244be 100644
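--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -51,11 +51,8 @@ static void skel(const char *homedir, uid_t u, gid_t g) {
  FILE *fp = fopen(fname, "w");
  if (fp) {
  fprintf(fp, "\n");
+ SET_PERMS_STREAM(fp, u, g, S_IRUSR | S_IWUSR);
  fclose(fp);
- if (chown(fname, u, g) == -1)
- errExit("chown");
- if (chmod(fname, S_IRUSR | S_IWUSR) < 0)
- errExit("chown");
  fs_logger2("touch", fname);
  }
  }
@@ -80,11 +77,8 @@ static void skel(const char *homedir, uid_t u, gid_t g) {
  FILE *fp = fopen(fname, "w");
  if (fp) {
  fprintf(fp, "\n");
+ SET_PERMS_STREAM(fp, u, g, S_IRUSR | S_IWUSR);
  fclose(fp);
- if (chown(fname, u, g) == -1)
- errExit("chown");
- if (chmod(fname, S_IRUSR | S_IWUSR) < 0)
- errExit("chown");
  fs_logger2("touch", fname);
  }
  }
@@ -177,17 +171,12 @@ static void copy_xauthority(void) {
  char *dest;
  if (asprintf(&dest, "%s/.Xauthority", cfg.homedir) == -1)
  errExit("asprintf");
- int rv = copy_file(src, dest, -1, -1, 0600);
+ // copy, set permissions and ownership
+ int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR);
  if (rv)
  fprintf(stderr, "Warning: cannot transfer .Xauthority in private home directory\n");
  else {
  fs_logger2("clone", dest);
-
- // set permissions and ownership
- if (chown(dest, getuid(), getgid()) < 0)
- errExit("chown");
- if (chmod(dest, S_IRUSR | S_IWUSR) < 0)
- errExit("chmod");
  }
 
  // delete the temporary file
@@ -200,17 +189,12 @@ static void copy_asoundrc(void) {
  char *dest;
  if (asprintf(&dest, "%s/.asoundrc", cfg.homedir) == -1)
  errExit("asprintf");
- int rv = copy_file(src, dest, -1 , -1, 0644);
+ // copy, set permissions and ownership
+ int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR);
  if (rv)
  fprintf(stderr, "Warning: cannot transfer .asoundrc in private home directory\n");
  else {
  fs_logger2("clone", dest);
-
- // set permissions and ownership
- if (chown(dest, getuid(), getgid()) < 0)
- errExit("chown");
- if (chmod(dest, S_IRUSR | S_IWUSR) < 0)
- errExit("chmod");
  }
 
  // delete the temporary file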
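Review bot: In both skel hunks `SET_PERMS_STREAM(fp, u, g, S_IRUSR | S_IWUSR);` gives the user ownership of whatever `fopen(fname, "w")` opened, and that open still resolves symbolic links and accepts an existing file. The descriptor-based call removes the second path lookup but not this first one; whether fname can already exist under homedir at this point is decided outside the hunks, so this is a hardening suggestion rather than a confirmed defect. If it can, create the file with `open(fname, O_WRONLY|O_CREAT|O_EXCL|O_NOFOLLOW, S_IRUSR | S_IWUSR)` and wrap the descriptor with `fdopen` before writing.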
diff --git a/src/firejail/fs_hostname.c b/src/firejail/fs_hostname.c
index aa391c0cb..87d3742e4 100644
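--- a/src/firejail/fs_hostname.c
+++ b/src/firejail/fs_hostname.c
@@ -40,14 +40,10 @@ void fs_hostname(const char *hostname) {
  exit(1);
  }
  fprintf(fp, "%s\n", hostname);
- fclose(fp);
-
  // mode and owner
- if (chown(RUN_HOSTNAME_FILE, 0, 0) < 0)
- errExit("chown");
- if (chmod(RUN_HOSTNAME_FILE, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH ) < 0)
- errExit("chmod");
-
+ SET_PERMS_STREAM(fp, 0, 0, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH);
+ fclose(fp);
+
  // bind-mount the file on top of /etc/hostname
  if (mount(RUN_HOSTNAME_FILE, "/etc/hostname", NULL, MS_BIND|MS_REC, NULL) < 0)
  errExit("mount bind /etc/hostname");
@@ -88,13 +84,9 @@ void fs_hostname(const char *hostname) {
  fprintf(fp2, "%s\n", buf);
  }
  fclose(fp1);
- fclose(fp2);
-
  // mode and owner
- if (chown(RUN_HOSTS_FILE, 0, 0) < 0)
- errExit("chown");
- if (chmod(RUN_HOSTS_FILE, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH ) < 0)
- errExit("chmod");
+ SET_PERMS_STREAM(fp2, 0, 0, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH);
+ fclose(fp2);
 
  // bind-mount the file on top of /etc/hostname
  if (mount(RUN_HOSTS_FILE, "/etc/hosts", NULL, MS_BIND|MS_REC, NULL) < 0)
@@ -126,13 +118,11 @@ void fs_resolvconf(void) {
  fprintf(fp, "nameserver %d.%d.%d.%d\n", PRINT_IP(cfg.dns2));
  if (cfg.dns3)
  fprintf(fp, "nameserver %d.%d.%d.%d\n", PRINT_IP(cfg.dns3));
- fclose(fp);
-
+
  // mode and owner
- if (chown(RUN_RESOLVCONF_FILE, 0, 0) < 0)
- errExit("chown");
- if (chmod(RUN_RESOLVCONF_FILE, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH ) < 0)
- errExit("chmod");
+ SET_PERMS_STREAM(fp, 0, 0, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH);
+
+ fclose(fp);
 
  // bind-mount the file on top of /etc/hostname
  if (mount(RUN_RESOLVCONF_FILE, "/etc/resolv.conf", NULL, MS_BIND|MS_REC, NULL) < 0)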
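Review bot: The three added `SET_PERMS_STREAM` calls spell the mode as `S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH`; `S_IWRITE` is an obsolete BSD alias for `S_IWUSR`, and the other files in this commit write the same value as `0644`. Suggest `SET_PERMS_STREAM(fp, 0, 0, 0644);` here and in fs_resolvconf, with `fp2` in the hosts hunk. Separately, the comment `// bind-mount the file on top of /etc/hostname` is unchanged above the /etc/hosts and /etc/resolv.conf mounts and should name the file actually mounted.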
diff --git a/src/firejail/fs_logger.c b/src/firejail/fs_logger.c
index 30b0fe438..9f33b36d9 100644
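--- a/src/firejail/fs_logger.c
+++ b/src/firejail/fs_logger.c
@@ -97,11 +97,7 @@ void fs_logger_print(void) {
  perror("fopen");
  return;
  }
-
- int rv = chown(RUN_FSLOGGER_FILE, getuid(), getgid());
- (void) rv; // best effort!
- rv = chmod(RUN_FSLOGGER_FILE, 0644);
- (void) rv; // best effort!
+ SET_PERMS_STREAM_NOERR(fp, getuid(), getgid(), 0644);
 
  FsMsg *ptr = head;
  while (ptr) {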
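Review bot: The `// best effort!` comments were removed together with the path-based calls, so nothing at the `SET_PERMS_STREAM_NOERR(fp, getuid(), getgid(), 0644);` line says that a failure is deliberately ignored. A short comment above the call, for example `// best effort: ownership and mode failures are ignored`, would preserve that intent. The macro is defined in the parent commit, so this reading of `_NOERR` is inferred from its name and from the code it replaces.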
diff --git a/src/firejail/fs_mkdir.c b/src/firejail/fs_mkdir.c
index 5bc2df2cc..b2a5927e6 100644
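--- a/src/firejail/fs_mkdir.c
+++ b/src/firejail/fs_mkdir.c
@@ -119,9 +119,12 @@ void fs_mkfile(const char *name) {
  if (!fp)
  fprintf(stderr, "Warning: cannot create %s file\n", expanded);
  else {
- fclose(fp);
- int rv = chmod(expanded, 0600);
+ int fd = fileno(fp);
+ if (fd == -1)
+ errExit("fileno");
+ int rv = fchmod(fd, 0600);
  (void) rv;
+ fclose(fp);
  }
  exit(0);
  }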
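Review bot: `int rv = fchmod(fd, 0600);` followed by `(void) rv;` still discards the result, so a file left with its umask-derived mode goes unnoticed, while the fileno failure two lines above is fatal. Keeping this best effort is reasonable, but it should be reported: `if (fchmod(fd, 0600) == -1) fprintf(stderr, "Warning: cannot set mode on %s\n", expanded);`. The rest of fs_mkfile is outside the hunk, so the assumption that this branch runs in the child ended by `exit(0)` should be confirmed against the full function.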