diff options
author | smitsohu <smitsohu@gmail.com> | 2018-08-30 00:58:21 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2018-08-30 00:58:21 +0200 |
commit | bbac3af66e82f9f0fbfdbbdf1c0e7e3cbaea6be7 (patch) | |
tree | 04a8ace3149edbdbe9648dd85c94f7a77e5f737d | |
parent | reject chroot if it is world-writable, related enhancements (diff) | |
download | firejail-bbac3af66e82f9f0fbfdbbdf1c0e7e3cbaea6be7.tar.gz firejail-bbac3af66e82f9f0fbfdbbdf1c0e7e3cbaea6be7.tar.zst firejail-bbac3af66e82f9f0fbfdbbdf1c0e7e3cbaea6be7.zip |
little tweak
-rw-r--r-- | src/firejail/main.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index 435c04d76..6170806f9 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -1500,15 +1500,14 @@ int main(int argc, char **argv) { | |||
1500 | cfg.chrootdir = tmp; | 1500 | cfg.chrootdir = tmp; |
1501 | } | 1501 | } |
1502 | 1502 | ||
1503 | // check chroot dirname exists | 1503 | if (strstr(cfg.chrootdir, "..") || is_link(cfg.chrootdir)) { |
1504 | if (strstr(cfg.chrootdir, "..") || !is_dir(cfg.chrootdir) || is_link(cfg.chrootdir)) { | ||
1505 | fprintf(stderr, "Error: invalid chroot directory %s\n", cfg.chrootdir); | 1504 | fprintf(stderr, "Error: invalid chroot directory %s\n", cfg.chrootdir); |
1506 | return 1; | 1505 | return 1; |
1507 | } | 1506 | } |
1508 | 1507 | ||
1509 | // don't allow "--chroot=/" | 1508 | // check chroot dirname exists, don't allow "--chroot=/" |
1510 | char *rpath = realpath(cfg.chrootdir, NULL); | 1509 | char *rpath = realpath(cfg.chrootdir, NULL); |
1511 | if (rpath == NULL || strcmp(rpath, "/") == 0) { | 1510 | if (rpath == NULL || !is_dir(rpath) || strcmp(rpath, "/") == 0) { |
1512 | fprintf(stderr, "Error: invalid chroot directory\n"); | 1511 | fprintf(stderr, "Error: invalid chroot directory\n"); |
1513 | exit(1); | 1512 | exit(1); |
1514 | } | 1513 | } |