diff options
| author |  smitsohu <smitsohu@gmail.com> | 2021-01-20 16:02:47 +0100 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2021-01-20 16:02:47 +0100 |
| commit | 854626447877d013d2149a775177b5abdce73ced (patch) | |
| tree | bb26784ce9769b024e5f5105b9516ebd53add34f | |
| parent | Merge pull request #3903 from smitsohu/privatelib3 (diff) | |
| parent | private-lib: search executables in $PATH (diff) | |
| download | firejail-854626447877d013d2149a775177b5abdce73ced.tar.gz firejail-854626447877d013d2149a775177b5abdce73ced.tar.zst firejail-854626447877d013d2149a775177b5abdce73ced.zip | |
Merge pull request #3900 from smitsohu/privatelib
Add $PATH expansion to private-lib
| -rw-r--r-- | src/firejail/fs_lib.c | 59 |
1 files changed, 58 insertions, 1 deletions
diff --git a/src/firejail/fs_lib.c b/src/firejail/fs_lib.c index 1095a9fa8..2d5689a6a 100644 --- a/src/firejail/fs_lib.c +++ b/src/firejail/fs_lib.c | |||
| @@ -33,6 +33,52 @@ extern void fslib_install_system(void); | |||
| 33 | static int lib_cnt = 0; | 33 | static int lib_cnt = 0; |
| 34 | static int dir_cnt = 0; | 34 | static int dir_cnt = 0; |
| 35 | 35 | ||
| 36 | static char *find_in_path(const char *program) { | ||
| 37 | EUID_ASSERT(); | ||
| 38 | if (arg_debug) | ||
| 39 | printf("Searching $PATH for %s\n", program); | ||
| 40 | |||
| 41 | char self[MAXBUF]; | ||
| 42 | ssize_t len = readlink("/proc/self/exe", self, MAXBUF - 1); | ||
| 43 | if (len < 0) | ||
| 44 | errExit("readlink"); | ||
| 45 | self[len] = '\0'; | ||
| 46 | |||
| 47 | char *path = getenv("PATH"); | ||
| 48 | if (!path) | ||
| 49 | return NULL; | ||
| 50 | char *dup = strdup(path); | ||
| 51 | if (!dup) | ||
| 52 | errExit("strdup"); | ||
| 53 | char *tok = strtok(dup, ":"); | ||
| 54 | while (tok) { | ||
| 55 | char *fname; | ||
| 56 | if (asprintf(&fname, "%s/%s", tok, program) == -1) | ||
| 57 | errExit("asprintf"); | ||
| 58 | |||
| 59 | if (arg_debug) | ||
| 60 | printf("trying #%s#\n", fname); | ||
| 61 | struct stat s; | ||
| 62 | if (stat(fname, &s) == 0) { | ||
| 63 | // but skip links created by firecfg | ||
| 64 | char *rp = realpath(fname, NULL); | ||
| 65 | if (!rp) | ||
| 66 | errExit("realpath"); | ||
| 67 | if (strcmp(self, rp) != 0) { | ||
| 68 | free(rp); | ||
| 69 | free(dup); | ||
| 70 | return fname; | ||
| 71 | } | ||
| 72 | free(rp); | ||
| 73 | } | ||
| 74 | free(fname); | ||
| 75 | tok = strtok(NULL, ":"); | ||
| 76 | } | ||
| 77 | |||
| 78 | free(dup); | ||
| 79 | return NULL; | ||
| 80 | } | ||
| 81 | |||
| 36 | static void report_duplication(const char *full_path) { | 82 | static void report_duplication(const char *full_path) { |
| 37 | char *fname = strrchr(full_path, '/'); | 83 | char *fname = strrchr(full_path, '/'); |
| 38 | if (fname && *(++fname) != '\0') { | 84 | if (fname && *(++fname) != '\0') { |
| @@ -358,7 +404,18 @@ void fs_private_lib(void) { | |||
| 358 | if (cfg.original_program_index > 0) { | 404 | if (cfg.original_program_index > 0) { |
| 359 | if (arg_debug || arg_debug_private_lib) | 405 | if (arg_debug || arg_debug_private_lib) |
| 360 | printf("Installing sandboxed program libraries\n"); | 406 | printf("Installing sandboxed program libraries\n"); |
| 361 | fslib_install_list(cfg.original_argv[cfg.original_program_index]); | 407 | |
| 408 | if (strchr(cfg.original_argv[cfg.original_program_index], '/')) | ||
| 409 | fslib_install_list(cfg.original_argv[cfg.original_program_index]); | ||
| 410 | else { // search executable in $PATH | ||
| 411 | EUID_USER(); | ||
| 412 | char *fname = find_in_path(cfg.original_argv[cfg.original_program_index]); | ||
| 413 | EUID_ROOT(); | ||
| 414 | if (fname) { | ||
| 415 | fslib_install_list(fname); | ||
| 416 | free(fname); | ||
| 417 | } | ||
| 418 | } | ||
| 362 | } | 419 | } |
| 363 | 420 | ||
| 364 | // for the shell | 421 | // for the shell |