author | Laurent Declercq <l.declercq@nuxwin.com> | 2016-08-14 19:41:44 +0200 |
---|---|---|
committer | Laurent Declercq <l.declercq@nuxwin.com> | 2016-08-14 19:41:44 +0200 |
commit | 62edc4b5d4bfdb81690a4a955763285760657079 (patch) | |
tree | b3cea6a4c5383d7b432881bc28b743ccb89ee953 | |
parent | branch status (diff) | |
Fixed #712
-rw-r--r-- | src/firejail/fs.c | 17 | ||||
-rw-r--r-- | src/firejail/main.c | 12 |
2 files changed, 21 insertions, 8 deletions
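--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -1110,13 +1110,16 @@ int fs_check_chroot_dir(const char *rootdir) {
 }
 free(name);
 
-// check shell
-if (!arg_shell_none) {
-if (stat(cfg.shell, &s) == -1) {
-fprintf(stderr, "Error: cannot find %s in chroot directory\n", cfg.shell);
-return 1;
-}
-}
+// check shell (test not needed. We already test access in main.c)
+//if (!arg_shell_none) {
+// if (asprintf(&name, "%s%s", rootdir, (char *)&cfg.shell) == -1)
+// errExit("asprintf");
+// if (stat(name, &s) == -1) {
+// fprintf(stderr, "Error: cannot find %s in chroot directory\n", name);
+// return 1;
+// }
+// free(name);
+//}
 
 // check x11 socket directory
 if (getenv("FIREJAIL_X11")) {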
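Review bot: The shell check at new lines 1113-1122 is disabled by commenting it out instead of being deleted, and the commented text would be wrong if someone restored it: if cfg.shell is a `char *`, then `(char *)&cfg.shell` passes the address of the pointer to `%s`, not the path. Since the comment says the test now lives in main.c, deleting the block and keeping one line such as `// shell presence inside the chroot is checked in main.c` would be clearer. fs_check_chroot_dir() is then left with no shell check of its own, so it depends on every way cfg.shell gets set passing through the main.c test, which cannot be confirmed from this hunk. The function starts and ends outside the hunk.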
diff --git a/src/firejail/main.c b/src/firejail/main.c index c8cc3f460..13270314b 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -1929,9 +1929,19 @@ int main(int argc, char **argv) { | |||
1929 | fprintf(stderr, "Error: invalid shell\n"); | 1929 | fprintf(stderr, "Error: invalid shell\n"); |
1930 | exit(1); | 1930 | exit(1); |
1931 | } | 1931 | } |
1932 | 1932 | ||
1933 | // access call checks as real UID/GID, not as effective UID/GID | 1933 | // access call checks as real UID/GID, not as effective UID/GID |
1934 | if (access(cfg.shell, R_OK)) { | 1934 | if (access(cfg.shell, R_OK)) { |
1935 | if(cfg.chrootdir) { | ||
1936 | char *shellpath; | ||
1937 | if (asprintf(&shellpath, "%s%s", cfg.chrootdir, cfg.shell) == -1) | ||
1938 | errExit("asprintf"); | ||
1939 | if (access(shellpath, R_OK)) { | ||
1940 | fprintf(stderr, "Error: cannot access shell file in chroot\n"); | ||
1941 | exit(1); | ||
1942 | } | ||
1943 | free(shellpath); | ||
1944 | } else if (access(cfg.shell, R_OK)) { | ||
1935 | fprintf(stderr, "Error: cannot access shell file\n"); | 1945 | fprintf(stderr, "Error: cannot access shell file\n"); |
1936 | exit(1); | 1946 | exit(1); |
1937 | } | 1947 | } |
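Review bot: As rendered, the new chroot branch (new lines 1935-1944) sits inside `if (access(cfg.shell, R_OK)) {` at line 1934, so the shell is looked up under cfg.chrootdir only when it is unreadable on the host; a shell that exists on the host but is missing from the chroot passes, and the fs.c check that would have caught it is disabled in this same commit. The `else if (access(cfg.shell, R_OK))` at line 1944 then repeats a test already known to be true, and the outer brace is not closed within the hunk. Testing the chroot case first, `if (cfg.chrootdir) { ... } else if (access(cfg.shell, R_OK)) { ... }` without the outer `if`, would cover both cases. The access() call on `cfg.chrootdir` + `cfg.shell` is also resolved from outside the chroot, so an absolute symlink in the chroot tree is followed against the host root and the result may not match what exists after chroot(). main() continues outside the hunk.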