diff options
| author |  smitsohu <smitsohu@gmail.com> | 2021-01-20 02:55:51 +0100 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2021-01-20 14:36:32 +0100 |
| commit | e6adf8150fef150e0d32ee22ae3d0005e82a8dd2 (patch) | |
| tree | 6f2b33a43c197609bca7ded99081ba8e9ec18170 | |
| parent | Add 'seccomp-error-action log' to profile.template (diff) | |
| download | firejail-e6adf8150fef150e0d32ee22ae3d0005e82a8dd2.tar.gz firejail-e6adf8150fef150e0d32ee22ae3d0005e82a8dd2.tar.zst firejail-e6adf8150fef150e0d32ee22ae3d0005e82a8dd2.zip | |
private-lib: search executables in $PATH
| -rw-r--r-- | src/firejail/fs_lib.c | 59 |
1 files changed, 58 insertions, 1 deletions
diff --git a/src/firejail/fs_lib.c b/src/firejail/fs_lib.c index a5c005931..ae3172991 100644 --- a/src/firejail/fs_lib.c +++ b/src/firejail/fs_lib.c | |||
| @@ -33,6 +33,52 @@ extern void fslib_install_system(void); | |||
| 33 | static int lib_cnt = 0; | 33 | static int lib_cnt = 0; |
| 34 | static int dir_cnt = 0; | 34 | static int dir_cnt = 0; |
| 35 | 35 | ||
| 36 | static char *find_in_path(const char *program) { | ||
| 37 | EUID_ASSERT(); | ||
| 38 | if (arg_debug) | ||
| 39 | printf("Searching $PATH for %s\n", program); | ||
| 40 | |||
| 41 | char self[MAXBUF]; | ||
| 42 | ssize_t len = readlink("/proc/self/exe", self, MAXBUF - 1); | ||
| 43 | if (len < 0) | ||
| 44 | errExit("readlink"); | ||
| 45 | self[len] = '\0'; | ||
| 46 | |||
| 47 | char *path = getenv("PATH"); | ||
| 48 | if (!path) | ||
| 49 | return NULL; | ||
| 50 | char *dup = strdup(path); | ||
| 51 | if (!dup) | ||
| 52 | errExit("strdup"); | ||
| 53 | char *tok = strtok(dup, ":"); | ||
| 54 | while (tok) { | ||
| 55 | char *fname; | ||
| 56 | if (asprintf(&fname, "%s/%s", tok, program) == -1) | ||
| 57 | errExit("asprintf"); | ||
| 58 | |||
| 59 | if (arg_debug) | ||
| 60 | printf("trying #%s#\n", fname); | ||
| 61 | struct stat s; | ||
| 62 | if (stat(fname, &s) == 0) { | ||
| 63 | // but skip links created by firecfg | ||
| 64 | char *rp = realpath(fname, NULL); | ||
| 65 | if (!rp) | ||
| 66 | errExit("realpath"); | ||
| 67 | if (strcmp(self, rp) != 0) { | ||
| 68 | free(rp); | ||
| 69 | free(dup); | ||
| 70 | return fname; | ||
| 71 | } | ||
| 72 | free(rp); | ||
| 73 | } | ||
| 74 | free(fname); | ||
| 75 | tok = strtok(NULL, ":"); | ||
| 76 | } | ||
| 77 | |||
| 78 | free(dup); | ||
| 79 | return NULL; | ||
| 80 | } | ||
| 81 | |||
| 36 | static void report_duplication(const char *full_path) { | 82 | static void report_duplication(const char *full_path) { |
| 37 | char *fname = strrchr(full_path, '/'); | 83 | char *fname = strrchr(full_path, '/'); |
| 38 | if (fname && *(++fname) != '\0') { | 84 | if (fname && *(++fname) != '\0') { |
| @@ -350,7 +396,18 @@ void fs_private_lib(void) { | |||
| 350 | if (cfg.original_program_index > 0) { | 396 | if (cfg.original_program_index > 0) { |
| 351 | if (arg_debug || arg_debug_private_lib) | 397 | if (arg_debug || arg_debug_private_lib) |
| 352 | printf("Installing sandboxed program libraries\n"); | 398 | printf("Installing sandboxed program libraries\n"); |
| 353 | fslib_install_list(cfg.original_argv[cfg.original_program_index]); | 399 | |
| 400 | if (strchr(cfg.original_argv[cfg.original_program_index], '/')) | ||
| 401 | fslib_install_list(cfg.original_argv[cfg.original_program_index]); | ||
| 402 | else { // search executable in $PATH | ||
| 403 | EUID_USER(); | ||
| 404 | char *fname = find_in_path(cfg.original_argv[cfg.original_program_index]); | ||
| 405 | EUID_ROOT(); | ||
| 406 | if (fname) { | ||
| 407 | fslib_install_list(fname); | ||
| 408 | free(fname); | ||
| 409 | } | ||
| 410 | } | ||
| 354 | } | 411 | } |
| 355 | 412 | ||
| 356 | // for the shell | 413 | // for the shell |