ASSERT_PERMS macros

author: Aleksey Manevich <manevich.aleksey@gmail.com> 2016-08-23 19:46:43 +0300
committer: Aleksey Manevich <manevich.aleksey@gmail.com> 2016-08-24 00:47:30 +0300
commit: 9e025dab2a228092058d170daa78290a33e626b3 (patch)
tree: c2df004901452d94cfd2fc9608189cfa34dd36b1
parent: remove unneeded chown (diff)
download: firejail-9e025dab2a228092058d170daa78290a33e626b3.tar.gz
firejail-9e025dab2a228092058d170daa78290a33e626b3.tar.zst
firejail-9e025dab2a228092058d170daa78290a33e626b3.zip
2 files changed, 23 insertions, 1 deletions
diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c
index 37e3de5d8..513a5a8a2 100644
--- a/src/firejail/appimage.c
+++ b/src/firejail/appimage.c
@@ -81,6 +81,7 @@ void appimage_set(const char *appimage_path) {
                fprintf(stderr, "Error: cannot create temporary directory\n");
                exit(1);
        }
+        ASSERT_PERMS(mntdir, getuid(), getgid(), 0700);
        
        char *mode;
        if (asprintf(&mode, "mode=700,uid=%d,gid=%d", getuid(), getgid()) == -1)
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 8e30e929a..4bc953e24 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -75,6 +75,27 @@
 #define DEFAULT_ROOT_PROFILE    "server"
 #define MAX_INCLUDE_LEVEL 6             // include levels in profile files
+#define ASSERT_PERMS(file, uid, gid, mode) \
+        do { \
+                assert(file);\
+                struct stat s;\
+                if (stat(file, &s) == -1) errExit("stat");\
+                assert(s.st_uid == uid && s.st_gid == gid && (s.st_mode & 07777) == mode);\
+        } while (0)
+#define ASSERT_PERMS_FD(fd, uid, gid, mode) \
+        do { \
+                struct stat s;\
+                if (stat(fd, &s) == -1) errExit("stat");\
+                assert(s.st_uid == uid && s.st_gid == gid && (s.st_mode & 07777) == mode);\
+        } while (0)
+#define ASSERT_PERMS_STREAM(file, uid, gid, mode) \
+        do { \
+                int fd = fileno(file);\
+                if (fd == -1) errExit("fileno");\
+                ASSERT_PERMS_FD(fd, uid, gid, mode);\
+        } while (0)
 // main.c
 typedef struct bridge_t {
        // on the host
@@ -386,7 +407,7 @@ void logsignal(int s);
 void logmsg(const char *msg);
 void logargs(int argc, char **argv) ;
 void logerr(const char *msg);
-int copy_file(const char *srcname, const char *destname);
+int copy_file(const char *srcname, const char *destname, uid_t uid, gid_t gid, mode_t mode);
 int is_dir(const char *fname);
 int is_link(const char *fname);
 char *line_remove_spaces(const char *buf);
author	Aleksey Manevich <manevich.aleksey@gmail.com>	2016-08-23 19:46:43 +0300
committer	Aleksey Manevich <manevich.aleksey@gmail.com>	2016-08-24 00:47:30 +0300
commit	9e025dab2a228092058d170daa78290a33e626b3 (patch)
tree	c2df004901452d94cfd2fc9608189cfa34dd36b1
parent	remove unneeded chown (diff)
download	firejail-9e025dab2a228092058d170daa78290a33e626b3.tar.gz firejail-9e025dab2a228092058d170daa78290a33e626b3.tar.zst firejail-9e025dab2a228092058d170daa78290a33e626b3.zip

diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c index 37e3de5d8..513a5a8a2 100644 --- a/src/firejail/appimage.c +++ b/src/firejail/appimage.c
@@ -81,6 +81,7 @@ void appimage_set(const char *appimage_path) {
81	fprintf(stderr, "Error: cannot create temporary directory\n");	81	fprintf(stderr, "Error: cannot create temporary directory\n");
82	exit(1);	82	exit(1);
83	}	83	}
		84	ASSERT_PERMS(mntdir, getuid(), getgid(), 0700);
84		85
85	char *mode;	86	char *mode;
86	if (asprintf(&mode, "mode=700,uid=%d,gid=%d", getuid(), getgid()) == -1)	87	if (asprintf(&mode, "mode=700,uid=%d,gid=%d", getuid(), getgid()) == -1)


diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 8e30e929a..4bc953e24 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h
@@ -75,6 +75,27 @@
75	#define DEFAULT_ROOT_PROFILE "server"	75	#define DEFAULT_ROOT_PROFILE "server"
76	#define MAX_INCLUDE_LEVEL 6 // include levels in profile files	76	#define MAX_INCLUDE_LEVEL 6 // include levels in profile files
77		77
		78
		79	#define ASSERT_PERMS(file, uid, gid, mode) \
		80	do { \
		81	assert(file);\
		82	struct stat s;\
		83	if (stat(file, &s) == -1) errExit("stat");\
		84	assert(s.st_uid == uid && s.st_gid == gid && (s.st_mode & 07777) == mode);\
		85	} while (0)
		86	#define ASSERT_PERMS_FD(fd, uid, gid, mode) \
		87	do { \
		88	struct stat s;\
		89	if (stat(fd, &s) == -1) errExit("stat");\
		90	assert(s.st_uid == uid && s.st_gid == gid && (s.st_mode & 07777) == mode);\
		91	} while (0)
		92	#define ASSERT_PERMS_STREAM(file, uid, gid, mode) \
		93	do { \
		94	int fd = fileno(file);\
		95	if (fd == -1) errExit("fileno");\
		96	ASSERT_PERMS_FD(fd, uid, gid, mode);\
		97	} while (0)
		98
78	// main.c	99	// main.c
79	typedef struct bridge_t {	100	typedef struct bridge_t {
80	// on the host	101	// on the host
@@ -386,7 +407,7 @@ void logsignal(int s);
386	void logmsg(const char *msg);	407	void logmsg(const char *msg);
387	void logargs(int argc, char **argv) ;	408	void logargs(int argc, char **argv) ;
388	void logerr(const char *msg);	409	void logerr(const char *msg);
389	int copy_file(const char srcname, const char destname);	410	int copy_file(const char srcname, const char destname, uid_t uid, gid_t gid, mode_t mode);
390	int is_dir(const char *fname);	411	int is_dir(const char *fname);
391	int is_link(const char *fname);	412	int is_link(const char *fname);
392	char line_remove_spaces(const char buf);	413	char line_remove_spaces(const char buf);