diff options
author | netblue30 <netblue30@yahoo.com> | 2016-08-15 09:44:54 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-08-15 09:44:54 -0400 |
commit | 00258a8e5c1f31b60020302cf1560cd0d13260ad (patch) | |
tree | 33be5b6e5bc17b6d2a0550a5197708110bd49f91 | |
parent | more ssh fixes (diff) | |
download | firejail-00258a8e5c1f31b60020302cf1560cd0d13260ad.tar.gz firejail-00258a8e5c1f31b60020302cf1560cd0d13260ad.tar.zst firejail-00258a8e5c1f31b60020302cf1560cd0d13260ad.zip |
removed prompt, ssh fixes
-rw-r--r-- | src/firejail/env.c | 4 | ||||
-rw-r--r-- | src/firejail/firejail.h | 2 | ||||
-rw-r--r-- | src/firejail/main.c | 63 | ||||
-rw-r--r-- | src/firejail/restricted_shell.c | 24 |
4 files changed, 73 insertions, 20 deletions
diff --git a/src/firejail/env.c b/src/firejail/env.c index 328b19c5b..c05abadca 100644 --- a/src/firejail/env.c +++ b/src/firejail/env.c | |||
@@ -125,8 +125,8 @@ void env_defaults(void) { | |||
125 | errExit("setenv"); | 125 | errExit("setenv"); |
126 | // set prompt color to green | 126 | // set prompt color to green |
127 | //export PS1='\[\e[1;32m\][\u@\h \W]\$\[\e[0m\] ' | 127 | //export PS1='\[\e[1;32m\][\u@\h \W]\$\[\e[0m\] ' |
128 | if (setenv("PROMPT_COMMAND", "export PS1=\"\\[\\e[1;32m\\][\\u@\\h \\W]\\$\\[\\e[0m\\] \"", 1) < 0) | 128 | // if (setenv("PROMPT_COMMAND", "export PS1=\"\\[\\e[1;32m\\][\\u@\\h \\W]\\$\\[\\e[0m\\] \"", 1) < 0) |
129 | errExit("setenv"); | 129 | // errExit("setenv"); |
130 | 130 | ||
131 | // set the window title | 131 | // set the window title |
132 | printf("\033]0;firejail %s\007", cfg.window_title); | 132 | printf("\033]0;firejail %s\007", cfg.window_title); |
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 2a96afa1b..ce232ace5 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -22,6 +22,8 @@ | |||
22 | #include "../include/common.h" | 22 | #include "../include/common.h" |
23 | #include "../include/euid_common.h" | 23 | #include "../include/euid_common.h" |
24 | 24 | ||
25 | // debug restricted shell | ||
26 | //#define DEBUG_RESTRICTED_SHELL | ||
25 | 27 | ||
26 | // filesystem | 28 | // filesystem |
27 | #define RUN_FIREJAIL_BASEDIR "/run" | 29 | #define RUN_FIREJAIL_BASEDIR "/run" |
diff --git a/src/firejail/main.c b/src/firejail/main.c index 6f1e7531a..047d1a010 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -879,25 +879,35 @@ int main(int argc, char **argv) { | |||
879 | arg_quiet = 1; | 879 | arg_quiet = 1; |
880 | parent_sshd = 1; | 880 | parent_sshd = 1; |
881 | 881 | ||
882 | #if 0 | 882 | #ifdef DEBUG_RESTRICTED_SHELL |
883 | EUID_ROOT(); | 883 | {EUID_ROOT(); |
884 | FILE *fp = fopen("/mylog", "w"); | 884 | FILE *fp = fopen("/firelog", "w"); |
885 | if (fp) { | 885 | if (fp) { |
886 | int i; | 886 | int i; |
887 | for (i = 0; i < argc; i++) | 887 | fprintf(fp, "argc %d: ", argc); |
888 | fprintf(fp, "#%s# ", argv[i]); | 888 | for (i = 0; i < argc; i++) |
889 | fprintf(fp, "\n"); | 889 | fprintf(fp, "#%s# ", argv[i]); |
890 | fclose(fp); | 890 | fprintf(fp, "\n"); |
891 | } | 891 | fclose(fp); |
892 | EUID_USER(); | 892 | } |
893 | EUID_USER();} | ||
893 | #endif | 894 | #endif |
894 | |||
895 | // run sftp and scp directly without any sandboxing | 895 | // run sftp and scp directly without any sandboxing |
896 | // regular login has argv[0] == "-firejail" | 896 | // regular login has argv[0] == "-firejail" |
897 | if (*argv[0] != '-') { | 897 | if (*argv[0] != '-') { |
898 | if (strcmp(argv[1], "-c") == 0 && argc > 2) { | 898 | if (strcmp(argv[1], "-c") == 0 && argc > 2) { |
899 | if (strcmp(argv[2], "/usr/lib/openssh/sftp-server") == 0 || | 899 | if (strcmp(argv[2], "/usr/lib/openssh/sftp-server") == 0 || |
900 | strncmp(argv[2], "scp ", 4) == 0) { | 900 | strncmp(argv[2], "scp ", 4) == 0) { |
901 | #ifdef DEBUG_RESTRICTED_SHELL | ||
902 | {EUID_ROOT(); | ||
903 | FILE *fp = fopen("/firelog", "a"); | ||
904 | if (fp) { | ||
905 | fprintf(fp, "run without a sandbox\n"); | ||
906 | fclose(fp); | ||
907 | } | ||
908 | EUID_USER();} | ||
909 | #endif | ||
910 | |||
901 | drop_privs(1); | 911 | drop_privs(1); |
902 | run_no_sandbox(argc, argv); | 912 | run_no_sandbox(argc, argv); |
903 | } | 913 | } |
@@ -914,6 +924,21 @@ EUID_USER(); | |||
914 | login_shell = 1; | 924 | login_shell = 1; |
915 | fullargc = restricted_shell(cfg.username); | 925 | fullargc = restricted_shell(cfg.username); |
916 | if (fullargc) { | 926 | if (fullargc) { |
927 | |||
928 | #ifdef DEBUG_RESTRICTED_SHELL | ||
929 | {EUID_ROOT(); | ||
930 | FILE *fp = fopen("/firelog", "a"); | ||
931 | if (fp) { | ||
932 | fprintf(fp, "fullargc %d: ", fullargc); | ||
933 | int i; | ||
934 | for (i = 0; i < fullargc; i++) | ||
935 | fprintf(fp, "#%s# ", fullargv[i]); | ||
936 | fprintf(fp, "\n"); | ||
937 | fclose(fp); | ||
938 | } | ||
939 | EUID_USER();} | ||
940 | #endif | ||
941 | |||
917 | int j; | 942 | int j; |
918 | for (i = 1, j = fullargc; i < argc && j < MAX_ARGS; i++, j++, fullargc++) | 943 | for (i = 1, j = fullargc; i < argc && j < MAX_ARGS; i++, j++, fullargc++) |
919 | fullargv[j] = argv[i]; | 944 | fullargv[j] = argv[i]; |
@@ -921,6 +946,20 @@ EUID_USER(); | |||
921 | // replace argc/argv with fullargc/fullargv | 946 | // replace argc/argv with fullargc/fullargv |
922 | argv = fullargv; | 947 | argv = fullargv; |
923 | argc = j; | 948 | argc = j; |
949 | |||
950 | #ifdef DEBUG_RESTRICTED_SHELL | ||
951 | {EUID_ROOT(); | ||
952 | FILE *fp = fopen("/firelog", "a"); | ||
953 | if (fp) { | ||
954 | fprintf(fp, "argc %d: ", argc); | ||
955 | int i; | ||
956 | for (i = 0; i < argc; i++) | ||
957 | fprintf(fp, "#%s# ", argv[i]); | ||
958 | fprintf(fp, "\n"); | ||
959 | fclose(fp); | ||
960 | } | ||
961 | EUID_USER();} | ||
962 | #endif | ||
924 | } | 963 | } |
925 | } | 964 | } |
926 | else { | 965 | else { |
diff --git a/src/firejail/restricted_shell.c b/src/firejail/restricted_shell.c index e66ed0e6b..24ce27c2e 100644 --- a/src/firejail/restricted_shell.c +++ b/src/firejail/restricted_shell.c | |||
@@ -84,16 +84,28 @@ int restricted_shell(const char *user) { | |||
84 | int i; | 84 | int i; |
85 | ptr = args; | 85 | ptr = args; |
86 | for (i = 1; i < MAX_ARGS; i++) { | 86 | for (i = 1; i < MAX_ARGS; i++) { |
87 | fullargv[i] = ptr; | 87 | // skip blanks |
88 | while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0') | 88 | while (*ptr == ' ' || *ptr == '\t') |
89 | ptr++; | 89 | ptr++; |
90 | fullargv[i] = ptr; | ||
91 | #ifdef DEBUG_RESTRICTED_SHELL | ||
92 | {EUID_ROOT(); | ||
93 | FILE *fp = fopen("/firelog", "a"); | ||
94 | if (fp) { | ||
95 | fprintf(fp, "i %d ptr #%s#\n", i, fullargv[i]); | ||
96 | fclose(fp); | ||
97 | } | ||
98 | EUID_USER();} | ||
99 | #endif | ||
100 | |||
90 | if (*ptr != '\0') { | 101 | if (*ptr != '\0') { |
102 | // go to the end of the word | ||
103 | while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0') | ||
104 | ptr++; | ||
91 | *ptr ='\0'; | 105 | *ptr ='\0'; |
92 | fullargv[i] = strdup(fullargv[i]); | 106 | fullargv[i] = strdup(fullargv[i]); |
93 | if (fullargv[i] == NULL) { | 107 | if (fullargv[i] == NULL) |
94 | fprintf(stderr, "Error: cannot allocate memory\n"); | 108 | errExit("strdup"); |
95 | exit(1); | ||
96 | } | ||
97 | ptr++; | 109 | ptr++; |
98 | while (*ptr == ' ' || *ptr == '\t') | 110 | while (*ptr == ' ' || *ptr == '\t') |
99 | ptr++; | 111 | ptr++; |