diff options
| author |  Aleksey Manevich <manevich.aleksey@gmail.com> | 2016-08-20 14:20:24 +0300 |
|---|---|---|
| committer | Aleksey Manevich <manevich.aleksey@gmail.com> | 2016-08-20 14:20:24 +0300 |
| commit | 1c030e81348376f64288ad70f88deb7bfb6cff08 (patch) | |
| tree | 648443d46b1e13be50045378c36f75440bba228b | |
| parent | small fixes for command args (diff) | |
| download | firejail-1c030e81348376f64288ad70f88deb7bfb6cff08.tar.gz firejail-1c030e81348376f64288ad70f88deb7bfb6cff08.tar.zst firejail-1c030e81348376f64288ad70f88deb7bfb6cff08.zip | |
audit for existing sandbox
| -rw-r--r-- | src/firejail/join.c | 82 |
1 files changed, 18 insertions, 64 deletions
diff --git a/src/firejail/join.c b/src/firejail/join.c index 632715fea..672913480 100644 --- a/src/firejail/join.c +++ b/src/firejail/join.c | |||
| @@ -333,77 +333,31 @@ void join(pid_t pid, int argc, char **argv, int index) { | |||
| 333 | // run cmdline trough shell | 333 | // run cmdline trough shell |
| 334 | if (cfg.command_line == NULL) { | 334 | if (cfg.command_line == NULL) { |
| 335 | assert(cfg.shell); | 335 | assert(cfg.shell); |
| 336 | cfg.command_line = cfg.shell; | ||
| 337 | cfg.window_title = cfg.shell; | ||
| 338 | } | ||
| 336 | 339 | ||
| 337 | // replace the process with a shell | 340 | int cwd = 0; |
| 338 | execlp(cfg.shell, cfg.shell, NULL); | 341 | if (cfg.cwd) { |
| 339 | 342 | if (chdir(cfg.cwd) == 0) | |
| 340 | // it should never get here | 343 | cwd = 1; |
| 341 | errExit("execlp"); | ||
| 342 | } | 344 | } |
| 343 | else { | ||
| 344 | // run the command supplied by the user | ||
| 345 | int cwd = 0; | ||
| 346 | if (cfg.cwd) { | ||
| 347 | if (chdir(cfg.cwd) == 0) | ||
| 348 | cwd = 1; | ||
| 349 | } | ||
| 350 | |||
| 351 | if (!cwd) { | ||
| 352 | if (chdir("/") < 0) | ||
| 353 | errExit("chdir"); | ||
| 354 | if (cfg.homedir) { | ||
| 355 | struct stat s; | ||
| 356 | if (stat(cfg.homedir, &s) == 0) { | ||
| 357 | if (chdir(cfg.homedir) < 0) | ||
| 358 | errExit("chdir"); | ||
| 359 | } | ||
| 360 | } | ||
| 361 | } | ||
| 362 | 345 | ||
| 363 | if (arg_shell_none) { | 346 | if (!cwd) { |
| 364 | if (arg_debug) { | 347 | if (chdir("/") < 0) |
| 365 | int i; | 348 | errExit("chdir"); |
| 366 | for (i = cfg.original_program_index; i < cfg.original_argc; i++) { | 349 | if (cfg.homedir) { |
| 367 | if (cfg.original_argv[i] == NULL) | 350 | struct stat s; |
| 368 | break; | 351 | if (stat(cfg.homedir, &s) == 0) { |
| 369 | printf("execvp argument %d: %s\n", i - cfg.original_program_index, cfg.original_argv[i]); | 352 | /* coverity[toctou] */ |
| 370 | } | 353 | if (chdir(cfg.homedir) < 0) |
| 371 | } | 354 | errExit("chdir"); |
| 372 | |||
| 373 | if (cfg.original_program_index == 0) { | ||
| 374 | fprintf(stderr, "Error: --shell=none configured, but no program specified\n"); | ||
| 375 | exit(1); | ||
| 376 | } | ||
| 377 | |||
| 378 | if (!arg_command && !arg_quiet) | ||
| 379 | printf("Child process initialized\n"); | ||
| 380 | |||
| 381 | execvp(cfg.original_argv[cfg.original_program_index], &cfg.original_argv[cfg.original_program_index]); | ||
| 382 | exit(1); | ||
| 383 | } else { | ||
| 384 | assert(cfg.shell); | ||
| 385 | |||
| 386 | char *arg[5]; | ||
| 387 | arg[0] = cfg.shell; | ||
| 388 | arg[1] = "-c"; | ||
| 389 | if (arg_debug) | ||
| 390 | printf("Starting %s\n", cfg.command_line); | ||
| 391 | if (!arg_doubledash) { | ||
| 392 | arg[2] = cfg.command_line; | ||
| 393 | arg[3] = NULL; | ||
| 394 | } | ||
| 395 | else { | ||
| 396 | arg[2] = "--"; | ||
| 397 | arg[3] = cfg.command_line; | ||
| 398 | arg[4] = NULL; | ||
| 399 | } | 355 | } |
| 400 | execvp(arg[0], arg); | ||
| 401 | |||
| 402 | // it should never get here | ||
| 403 | errExit("execvp"); | ||
| 404 | } | 356 | } |
| 405 | } | 357 | } |
| 406 | 358 | ||
| 359 | start_application(); | ||
| 360 | |||
| 407 | // it will never get here!!! | 361 | // it will never get here!!! |
| 408 | } | 362 | } |
| 409 | 363 | ||