diff options
author | netblue30 <netblue30@yahoo.com> | 2016-08-14 15:28:29 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-08-14 15:28:29 -0400 |
commit | d6deffe30d858673b5c6142d17da1ff8b04e55d1 (patch) | |
tree | 16b3c34074c9edf62a974e24fb1343c539c9a2fd | |
parent | fixed login shell (diff) | |
parent | CS fixes (diff) | |
download | firejail-d6deffe30d858673b5c6142d17da1ff8b04e55d1.tar.gz firejail-d6deffe30d858673b5c6142d17da1ff8b04e55d1.tar.zst firejail-d6deffe30d858673b5c6142d17da1ff8b04e55d1.zip |
Merge pull request #713 from i-MSCP/master
Fixed #712
-rw-r--r-- | src/firejail/fs.c | 17 | ||||
-rw-r--r-- | src/firejail/main.c | 13 |
2 files changed, 21 insertions, 9 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 5fe31cec8..98b661028 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
@@ -1110,13 +1110,16 @@ int fs_check_chroot_dir(const char *rootdir) { | |||
1110 | } | 1110 | } |
1111 | free(name); | 1111 | free(name); |
1112 | 1112 | ||
1113 | // check shell | 1113 | // check shell (test not needed. We already test access in main.c) |
1114 | if (!arg_shell_none) { | 1114 | //if (!arg_shell_none) { |
1115 | if (stat(cfg.shell, &s) == -1) { | 1115 | // if (asprintf(&name, "%s%s", rootdir, (char *)&cfg.shell) == -1) |
1116 | fprintf(stderr, "Error: cannot find %s in chroot directory\n", cfg.shell); | 1116 | // errExit("asprintf"); |
1117 | return 1; | 1117 | // if (stat(name, &s) == -1) { |
1118 | } | 1118 | // fprintf(stderr, "Error: cannot find %s in chroot directory\n", name); |
1119 | } | 1119 | // return 1; |
1120 | // } | ||
1121 | // free(name); | ||
1122 | //} | ||
1120 | 1123 | ||
1121 | // check x11 socket directory | 1124 | // check x11 socket directory |
1122 | if (getenv("FIREJAIL_X11")) { | 1125 | if (getenv("FIREJAIL_X11")) { |
diff --git a/src/firejail/main.c b/src/firejail/main.c index fbffedbde..3e5663a9b 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -1956,9 +1956,18 @@ EUID_USER(); | |||
1956 | fprintf(stderr, "Error: invalid shell\n"); | 1956 | fprintf(stderr, "Error: invalid shell\n"); |
1957 | exit(1); | 1957 | exit(1); |
1958 | } | 1958 | } |
1959 | 1959 | ||
1960 | // access call checks as real UID/GID, not as effective UID/GID | 1960 | // access call checks as real UID/GID, not as effective UID/GID |
1961 | if (access(cfg.shell, R_OK)) { | 1961 | if(cfg.chrootdir) { |
1962 | char *shellpath; | ||
1963 | if (asprintf(&shellpath, "%s%s", cfg.chrootdir, cfg.shell) == -1) | ||
1964 | errExit("asprintf"); | ||
1965 | if (access(shellpath, R_OK)) { | ||
1966 | fprintf(stderr, "Error: cannot access shell file in chroot\n"); | ||
1967 | exit(1); | ||
1968 | } | ||
1969 | free(shellpath); | ||
1970 | } else if (access(cfg.shell, R_OK)) { | ||
1962 | fprintf(stderr, "Error: cannot access shell file\n"); | 1971 | fprintf(stderr, "Error: cannot access shell file\n"); |
1963 | exit(1); | 1972 | exit(1); |
1964 | } | 1973 | } |