author | smitsohu <smitsohu@gmail.com> | 2022-06-08 15:20:44 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2022-06-08 15:20:44 +0200 |
commit | dab835e7a0eb287822016f5ae4e87f46e1d363e7 (patch) | |
tree | 339462b5fa45ebd914f88810f09f1c47127230b8 | |
parent | shutdown testing (diff) | |
CVE-2022-31214: fixing the fix
-rw-r--r-- | src/firejail/fs_etc.c | 6 | ||||
-rw-r--r-- | src/firejail/process.c | 4 |
2 files changed, 5 insertions, 5 deletions
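--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -104,7 +104,7 @@ static void build_dirs(char *src, char *dst, size_t src_prefix_len, size_t dst_p
 *q = '\0';
 *r = '/';
 r = q;
-create_empty_dir_as_root(dst, s.st_mode);
+mkdir_attr(dst, s.st_mode, 0, 0);
 }
 if (!last) {
 // If we're not at the final terminating null, restore
@@ -330,9 +330,9 @@ void fs_rebuild_etc(void) {
 symlink_done = 1;
 }
 else if (S_ISDIR(s.st_mode))
-create_empty_dir_as_root(dest, s.st_mode);
+create_empty_dir_as_root(dest, S_IRWXU);
 else
-create_empty_file_as_root(dest, s.st_mode);
+create_empty_file_as_root(dest, S_IRUSR | S_IWUSR);
 
 // bind-mount src on top of dest
 if (!symlink_done) {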
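Review bot: The two hunks now treat `s.st_mode` differently and nothing in the code says why: `build_dirs` still passes the source directory's mode to `mkdir_attr(dst, s.st_mode, 0, 0)`, while `fs_rebuild_etc` creates its placeholders with fixed owner-only modes. In `fs_rebuild_etc` a comment above the two calls such as `// placeholder for the bind mount below, so keep it owner-only instead of copying the source mode` would record the intent. In `build_dirs`, whether `mkdir_attr` masks the file-type and setuid/setgid bits carried in `st_mode`, and how it behaves when `dst` already exists, is not visible here; that is worth confirming and stating next to the call, together with a note on what the two trailing zeros mean (presumably the owner uid and gid). Both function bodies continue outside the hunks.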
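--- a/src/firejail/process.c
+++ b/src/firejail/process.c
@@ -96,7 +96,7 @@ int process_stat_nofail(ProcessHandle process, const char *fname, struct stat *s
 int process_stat(ProcessHandle process, const char *fname, struct stat *s) {
 int rv = process_stat_nofail(process, fname, s);
 if (rv) {
-fprintf(stderr, "Error: cannot stat /proc/%d/%s: %s\n", process->pid, fname, strerror(errno));
+fprintf(stderr, "Error: cannot stat /proc/%d/%s: %s\n", process_get_pid(process), fname, strerror(errno));
 exit(1);
 }
 
@@ -117,7 +117,7 @@ int process_open_nofail(ProcessHandle process, const char *fname) {
 int process_open(ProcessHandle process, const char *fname) {
 int rv = process_open_nofail(process, fname);
 if (rv < 0) {
-fprintf(stderr, "Error: cannot open /proc/%d/%s: %s\n", process->pid, fname, strerror(errno));
+fprintf(stderr, "Error: cannot open /proc/%d/%s: %s\n", process_get_pid(process), fname, strerror(errno));
 exit(1);
 }
 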