author | netblue30 <netblue30@yahoo.com> | 2016-11-04 10:06:21 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-11-04 10:06:21 -0400 |
commit | 15298f20afeaff362c74e8ad7e66338f442cf441 (patch) | |
tree | b7e25a3e22b882c33967524fe1859c0c4c0f2ced | |
parent | execv fixes (diff) | |
download | firejail-15298f20afeaff362c74e8ad7e66338f442cf441.tar.gz firejail-15298f20afeaff362c74e8ad7e66338f442cf441.tar.zst firejail-15298f20afeaff362c74e8ad7e66338f442cf441.zip |
execv fixes
-rw-r--r-- | src/firejail/bandwidth.c | 2 | ||||
-rw-r--r-- | src/firejail/fs_bin.c | 2 | ||||
-rw-r--r-- | src/firejail/fs_etc.c | 2 | ||||
-rw-r--r-- | src/firejail/netfilter.c | 8 | ||||
-rw-r--r-- | src/firejail/sbox.c | 2 |
5 files changed, 7 insertions, 9 deletions
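diff --git a/src/firejail/bandwidth.c b/src/firejail/bandwidth.c
index ab9714afe..512cc0b05 100644
--- a/src/firejail/bandwidth.c
+++ b/src/firejail/bandwidth.c
@@ -462,7 +462,7 @@ void bandwidth_pid(pid_t pid, const char *command, const char *dev, int down, in
 arg[1] = "-c";
 arg[2] = cmd;
 arg[3] = NULL;
-assert(getenv("LD_PRELOAD") == NULL);
+clearenv();
 execvp(arg[0], arg);
 
 // it will never get here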
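Review bot: The return value of `clearenv()` at new line 465 is ignored, and the `assert(getenv("LD_PRELOAD") == NULL)` that used to sit before the exec is gone, so nothing confirms the environment is empty before `execvp` runs. clearenv() is documented to return nonzero on failure; I would write `if (clearenv() != 0) errExit("clearenv");` here. The same applies to the clearenv() calls this commit adds in fs_bin.c, fs_etc.c, netfilter.c (three places) and sbox.c. bandwidth_pid starts and ends outside this hunk.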
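diff --git a/src/firejail/fs_bin.c b/src/firejail/fs_bin.c
index d6fee0608..a3576e7c4 100644
--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -191,7 +191,7 @@ static void duplicate(char *fname) {
 char *f;
 if (asprintf(&f, "%s/%s", RUN_BIN_DIR, fname) == -1)
 errExit("asprintf");
-assert(getenv("LD_PRELOAD") == NULL);
+clearenv();
 execlp(RUN_CP_COMMAND, RUN_CP_COMMAND, "-a", actual_path, f, NULL);
 perror("execlp");
 _exit(1);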
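Review bot: `execlp` at new line 195 searches PATH when its first argument contains no slash, and after the added `clearenv()` PATH is unset, so the lookup falls back to the C library's default list, which on some libc versions also includes the current working directory. RUN_CP_COMMAND is defined outside this hunk; if it is an absolute path the search never happens, and `execl(RUN_CP_COMMAND, RUN_CP_COMMAND, "-a", actual_path, f, NULL);` states that intent, as netfilter.c already does with `execl`. The same question applies to `execlp` in fs_etc.c and to `execvp(arg[0], arg)` in bandwidth.c and sbox.c, where arg[0] is set outside the visible lines. duplicate() continues outside the hunk.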
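diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c
index 4f3417236..830de7c9f 100644
--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -105,7 +105,7 @@ static void duplicate(char *fname) {
 char *f;
 if (asprintf(&f, "/etc/%s", fname) == -1)
 errExit("asprintf");
-assert(getenv("LD_PRELOAD") == NULL);
+clearenv();
 execlp(RUN_CP_COMMAND, RUN_CP_COMMAND, "-a", "--parents", f, RUN_MNT_DIR, NULL);
 perror("execlp");
 _exit(1);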
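diff --git a/src/firejail/netfilter.c b/src/firejail/netfilter.c
index efef45d90..1df4b7a0f 100644
--- a/src/firejail/netfilter.c
+++ b/src/firejail/netfilter.c
@@ -143,8 +143,7 @@ void netfilter(const char *fname) {
 dup2(fd,STDIN_FILENO);
 
 // wipe out environment variables
-environ = NULL;
-assert(getenv("LD_PRELOAD") == NULL);
+clearenv();
 execl(iptables_restore, iptables_restore, NULL);
 perror("execl");
 _exit(1);
@@ -258,8 +257,7 @@ void netfilter6(const char *fname) {
 dup2(fd,STDIN_FILENO);
 
 // wipe out environment variables
-environ = NULL;
-assert(getenv("LD_PRELOAD") == NULL);
+clearenv();
 execl(ip6tables_restore, ip6tables_restore, NULL);
 perror("execl");
 _exit(1);
@@ -273,7 +271,7 @@ void netfilter6(const char *fname) {
 if (child < 0)
 errExit("fork");
 if (child == 0) {
-environ = NULL;
+clearenv();
 execl(ip6tables, ip6tables, "-vL", NULL);
 perror("execl");
 _exit(1);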
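Review bot: The `child == 0` branch at new line 274 clears the environment without the `// wipe out environment variables` comment that the two `*_restore` branches above carry. I would add that comment there as well and say why the wipe is needed, e.g. `// wipe out environment variables (LD_PRELOAD etc.) before running ip6tables`, because the assert that named LD_PRELOAD is removed by this commit and the reason is no longer visible in the code. netfilter6 continues outside the hunk.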
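diff --git a/src/firejail/sbox.c b/src/firejail/sbox.c
index a5a067090..65ca5c443 100644
--- a/src/firejail/sbox.c
+++ b/src/firejail/sbox.c
@@ -165,7 +165,7 @@ int sbox_run(unsigned filter, int num, ...) {
 else if (filter & SBOX_USER)
 drop_privs(1);
 
-assert(getenv("LD_PRELOAD") == NULL);
+clearenv();
 if (arg[0]) // get rid of scan-build warning
 execvp(arg[0], arg);
 else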
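Review bot: `clearenv()` at new line 168 runs for every caller of sbox_run, so each helper started through it now gets an empty environment rather than one that is merely free of LD_PRELOAD. If any of those helpers reads variables such as HOME or PATH (not visible here), it will behave differently after this change. That contract should be documented: add a comment at this line, `// child always runs with an empty environment`, and the same sentence in the function's header comment. sbox_run's body starts and ends outside the hunk.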