author | netblue30 <netblue30@yahoo.com> | 2016-08-24 09:29:39 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-08-24 09:29:39 -0400 |
commit | 1ccd5d84b9d7491bb8deec24db5c8ea0a163fa10 (patch) | |
tree | a951ab073dfa608483e3c5a3013ccc892195ba89 | |
parent | Merge pull request #742 from manevich/security (diff) | |
testing 0.9.42~rc2
-rw-r--r-- | Makefile.in | 2 | ||||
-rw-r--r-- | README | 1 | ||||
-rw-r--r-- | README.md | 21 | ||||
-rw-r--r-- | RELNOTES | 20 | ||||
-rw-r--r-- | src/firejail/firejail.h | 10 | ||||
-rw-r--r-- | src/firejail/main.c | 8 | ||||
-rw-r--r-- | src/firejail/profile.c | 3 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 4 | ||||
-rw-r--r-- | src/firejail/usage.c | 17 | ||||
-rw-r--r-- | src/man/firejail.txt | 12 |
10 files changed, 49 insertions, 49 deletions
diff --git a/Makefile.in b/Makefile.in index d1b3d3be8..803769f3f 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -204,5 +204,5 @@ test-network: | |||
204 | test-fs: | 204 | test-fs: |
205 | cd test/fs; ./fs.sh | grep TESTING | 205 | cd test/fs; ./fs.sh | grep TESTING |
206 | 206 | ||
207 | test: test-profiles test-fs test-utils test-environment test-sysutils test-apps test-apps-x11 test-filters | 207 | test: test-profiles test-fs test-utils test-environment test-apps test-apps-x11 test-filters |
208 | echo "TEST COMPLETE" | 208 | echo "TEST COMPLETE" |
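Review bot: The `test` target on line 207 silently drops `test-sysutils` from its prerequisites, and nothing in this hunk removes or comments the `test-sysutils` target itself; the only hint at the reason is in the README.md hunk of this same commit, which deletes the note listing the failing cpio/gzip/xz/tar tests. A reader of the Makefile alone cannot tell whether the exclusion is permanent or a stop-gap for the 0.9.42~rc2 release. A one-line comment above the target would record it, e.g. `# test-sysutils is excluded from "make test" until the sysutils profile failures are fixed`.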
@@ -39,6 +39,7 @@ Aleksey Manevich (https://github.com/manevich) | |||
39 | - Busybox support | 39 | - Busybox support |
40 | - X11 support rewrite | 40 | - X11 support rewrite |
41 | - gether shell selection code in one place | 41 | - gether shell selection code in one place |
42 | - fixed several TOCTOU security problems | ||
42 | greigdp (https://github.com/greigdp) | 43 | greigdp (https://github.com/greigdp) |
43 | - Gajim IM client profile | 44 | - Gajim IM client profile |
44 | - fix Slack profile | 45 | - fix Slack profile |
@@ -38,27 +38,6 @@ FAQ: https://firejail.wordpress.com/support/frequently-asked-questions/ | |||
38 | 38 | ||
39 | Version 0.9.41~rc1 was released. | 39 | Version 0.9.41~rc1 was released. |
40 | 40 | ||
41 | # Branch status: unstable | ||
42 | |||
43 | A number of problems are being worked on. This is the output of "make test": | ||
44 | ````` | ||
45 | [...] | ||
46 | cd test/sysutils; ./sysutils.sh | grep TESTING | ||
47 | TESTING: cpio | ||
48 | netblue@debian:~/work/github/firejail/test/sysutils$ TESTING ERROR 1 | ||
49 | TESTING: gzip | ||
50 | netblue@debian:~/work/github/firejail/test/sysutils$ TESTING ERROR 1 | ||
51 | TESTING: xzdec | ||
52 | netblue@debian:~/work/github/firejail/test/sysutils$ TESTING ERROR 1 | ||
53 | TESTING: xz | ||
54 | netblue@debian:~/work/github/firejail/test/sysutils$ TESTING ERROR 1 | ||
55 | TESTING: less | ||
56 | TESTING: file | ||
57 | TESTING: tar | ||
58 | netblue@debian:~/work/github/firejail/test/sysutils$ TESTING ERROR 3.1 | ||
59 | [...] | ||
60 | ````` | ||
61 | |||
62 | ## Deprecated --user | 41 | ## Deprecated --user |
63 | 42 | ||
64 | --user option was deprecated, please use "sudo -u username firejail application" instead. | 43 | --user option was deprecated, please use "sudo -u username firejail application" instead. |
@@ -3,12 +3,14 @@ firejail (0.9.42~rc2) baseline; urgency=low | |||
3 | * security: disable x32 ABI in seccomp, submitted by Jann Horn | 3 | * security: disable x32 ABI in seccomp, submitted by Jann Horn |
4 | * security: tighten --chroot, submitted by Jann Horn | 4 | * security: tighten --chroot, submitted by Jann Horn |
5 | * security: terminal sandbox escape, submitted by Stephan Sokolow | 5 | * security: terminal sandbox escape, submitted by Stephan Sokolow |
6 | * modifs: deprecated --user option, please use "sudo -u username firejail" instead | 6 | * security: several TOCTOU fixes submitted by Aleksey Manevich |
7 | * modifs: deprecated --user option, please use "sudo -u username firejail" | ||
7 | * modifs: allow symlinks in home directory for --whitelist option | 8 | * modifs: allow symlinks in home directory for --whitelist option |
8 | * modifs: Firejail prompt is enabled by env variable FIREJAIL_PROMPT="yes" | 9 | * modifs: Firejail prompt is enabled by env variable FIREJAIL_PROMPT="yes" |
9 | * modifs: recursive mkdir | 10 | * modifs: recursive mkdir |
10 | * modifs: include /dev/snd in --private-dev | 11 | * modifs: include /dev/snd in --private-dev |
11 | * modifs: seccomp filter update | 12 | * modifs: seccomp filter update |
13 | * modifs: release archives moved to .xz format | ||
12 | * feature: AppImage support (--appimage) | 14 | * feature: AppImage support (--appimage) |
13 | * feature: AppArmor support (--apparmor) | 15 | * feature: AppArmor support (--apparmor) |
14 | * feature: Ubuntu snap support (/etc/firejail/snap.profile) | 16 | * feature: Ubuntu snap support (/etc/firejail/snap.profile) |
@@ -17,7 +19,8 @@ firejail (0.9.42~rc2) baseline; urgency=low | |||
17 | * feature: noexec support (--noexec) | 19 | * feature: noexec support (--noexec) |
18 | * feature: clean local overlay storage directory (--overlay-clean) | 20 | * feature: clean local overlay storage directory (--overlay-clean) |
19 | * feature: store and reuse overlay (--overlay-named) | 21 | * feature: store and reuse overlay (--overlay-named) |
20 | * feature: allow debugging inside the sandbox with gdb and strace (--allow-debuggers) | 22 | * feature: allow debugging inside the sandbox with gdb and strace |
23 | (--allow-debuggers) | ||
21 | * feature: mkfile profile command | 24 | * feature: mkfile profile command |
22 | * feature: quiet profile command | 25 | * feature: quiet profile command |
23 | * feature: x11 profile command | 26 | * feature: x11 profile command |
@@ -29,13 +32,14 @@ firejail (0.9.42~rc2) baseline; urgency=low | |||
29 | * run time: enable/disable quiet as default (quiet-by-default yes/no) | 32 | * run time: enable/disable quiet as default (quiet-by-default yes/no) |
30 | * run time: user-defined network filter (netfilter-default) | 33 | * run time: user-defined network filter (netfilter-default) |
31 | * run time: enable/disable whitelisting (whitelist yes/no) | 34 | * run time: enable/disable whitelisting (whitelist yes/no) |
32 | * run time: enable/disable remounting of /proc and /sys (remount-proc-sys yes/no) | 35 | * run time: enable/disable remounting of /proc and /sys |
36 | (remount-proc-sys yes/no) | ||
33 | * run time: enable/disable chroot desktop features (chroot-desktop yes/no) | 37 | * run time: enable/disable chroot desktop features (chroot-desktop yes/no) |
34 | * new profiles: Gitter, gThumb, mpv, Franz messenger, LibreOffice | 38 | * profiles: Gitter, gThumb, mpv, Franz messenger, LibreOffice |
35 | * new profiles: pix, audacity, xz, xzdec, gzip, cpio, less | 39 | * profiles: pix, audacity, xz, xzdec, gzip, cpio, less |
36 | * new profiles: Atom Beta, Atom, jitsi, eom, uudeview | 40 | * profiles: Atom Beta, Atom, jitsi, eom, uudeview |
37 | * new profiles: tar (gtar), unzip, unrar, file, skypeforlinux, | 41 | * profiles: tar (gtar), unzip, unrar, file, skypeforlinux, |
38 | * new profiles: inox, Slack, gnome-chess. Gajim IM client | 42 | * profiles: inox, Slack, gnome-chess. Gajim IM client |
39 | -- netblue30 <netblue30@yahoo.com> Thu, 21 Jul 2016 08:00:00 -0500 | 43 | -- netblue30 <netblue30@yahoo.com> Thu, 21 Jul 2016 08:00:00 -0500 |
40 | 44 | ||
41 | firejail (0.9.40) baseline; urgency=low | 45 | firejail (0.9.40) baseline; urgency=low |
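--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -81,19 +81,23 @@
 assert(file);\
 struct stat s;\
 if (stat(file, &s) == -1) errExit("stat");\
-assert(s.st_uid == uid && s.st_gid == gid && (s.st_mode & 07777) == mode);\
+assert(s.st_uid == uid);\
+assert(s.st_gid == gid);\
+assert((s.st_mode & 07777) == (mode));\
 } while (0)
 #define ASSERT_PERMS_FD(fd, uid, gid, mode) \
 do { \
 struct stat s;\
 if (stat(fd, &s) == -1) errExit("stat");\
-assert(s.st_uid == uid && s.st_gid == gid && (s.st_mode & 07777) == mode);\
+assert(s.st_uid == uid);\
+assert(s.st_gid == gid);\
+assert((s.st_mode & 07777) == (mode));\
 } while (0)
 #define ASSERT_PERMS_STREAM(file, uid, gid, mode) \
 do { \
 int fd = fileno(file);\
 if (fd == -1) errExit("fileno");\
-ASSERT_PERMS_FD(fd, uid, gid, mode);\
+ASSERT_PERMS_FD(fd, uid, gid, (mode));\
 } while (0)
 
 // main.c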
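Review bot: ASSERT_PERMS_FD still calls `stat(fd, &s)` on new line 91 with an int descriptor, while stat() takes a path; unless a project-local stat wrapper takes an fd, the line should read `if (fstat(fd, &s) == -1) errExit("fstat");\` — the commit rewrites the assertions around it and leaves that call untouched, and ASSERT_PERMS_STREAM expands it on line 100. The new lines parenthesize `mode` but not `uid` and `gid`, which are used the same way; `assert(s.st_uid == (uid));\` and `assert(s.st_gid == (gid));\` keep the macros safe for expression arguments. All three checks are assert() calls, so they compile to nothing under NDEBUG; if these permission checks are meant as debug-build sanity checks rather than runtime enforcement, a comment above the macros saying so would stop a later reader from relying on them. The ASSERT_PERMS macro whose body opens this hunk begins above line 81.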
diff --git a/src/firejail/main.c b/src/firejail/main.c index 27e2a7f1a..2181a274b 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -1561,17 +1561,21 @@ int main(int argc, char **argv) { | |||
1561 | arg_writable_var = 1; | 1561 | arg_writable_var = 1; |
1562 | } | 1562 | } |
1563 | else if (strcmp(argv[i], "--private") == 0) { | 1563 | else if (strcmp(argv[i], "--private") == 0) { |
1564 | #if 0 | ||
1564 | if (arg_private_template) { | 1565 | if (arg_private_template) { |
1565 | fprintf(stderr, "Error: --private and --private-template are mutually exclusive\n"); | 1566 | fprintf(stderr, "Error: --private and --private-template are mutually exclusive\n"); |
1566 | exit(1); | 1567 | exit(1); |
1567 | } | 1568 | } |
1569 | #endif | ||
1568 | arg_private = 1; | 1570 | arg_private = 1; |
1569 | } | 1571 | } |
1570 | else if (strncmp(argv[i], "--private=", 10) == 0) { | 1572 | else if (strncmp(argv[i], "--private=", 10) == 0) { |
1573 | #if 0 | ||
1571 | if (arg_private_template) { | 1574 | if (arg_private_template) { |
1572 | fprintf(stderr, "Error: --private and --private-template are mutually exclusive\n"); | 1575 | fprintf(stderr, "Error: --private and --private-template are mutually exclusive\n"); |
1573 | exit(1); | 1576 | exit(1); |
1574 | } | 1577 | } |
1578 | #endif | ||
1575 | // extract private home dirname | 1579 | // extract private home dirname |
1576 | cfg.home_private = argv[i] + 10; | 1580 | cfg.home_private = argv[i] + 10; |
1577 | if (*cfg.home_private == '\0') { | 1581 | if (*cfg.home_private == '\0') { |
@@ -1581,6 +1585,7 @@ int main(int argc, char **argv) { | |||
1581 | fs_check_private_dir(); | 1585 | fs_check_private_dir(); |
1582 | arg_private = 1; | 1586 | arg_private = 1; |
1583 | } | 1587 | } |
1588 | #if 0 | ||
1584 | else if (strncmp(argv[i], "--private-template=", 19) == 0) { | 1589 | else if (strncmp(argv[i], "--private-template=", 19) == 0) { |
1585 | cfg.private_template = argv[i] + 19; | 1590 | cfg.private_template = argv[i] + 19; |
1586 | if (arg_private) { | 1591 | if (arg_private) { |
@@ -1594,6 +1599,7 @@ int main(int argc, char **argv) { | |||
1594 | fs_check_private_template(); | 1599 | fs_check_private_template(); |
1595 | arg_private_template = 1; | 1600 | arg_private_template = 1; |
1596 | } | 1601 | } |
1602 | #endif | ||
1597 | else if (strcmp(argv[i], "--private-dev") == 0) { | 1603 | else if (strcmp(argv[i], "--private-dev") == 0) { |
1598 | arg_private_dev = 1; | 1604 | arg_private_dev = 1; |
1599 | } | 1605 | } |
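Review bot: The `#if 0` / `#endif` pairs added in all three hunks (new lines 1564/1569, 1573/1578 and 1588/1602) leave the --private-template handling in the file as dead code with no comment saying why it is disabled or whether it is meant to return; the hunks in src/firejail/profile.c, src/firejail/sandbox.c and src/firejail/usage.c do the same and are not repeated here. With the branch at line 1589 disabled, an argument of the form `--private-template=...` now falls through to whatever the rest of the else-if chain does with unrecognised options, which is outside these hunks and worth confirming. Either delete the code outright, since git keeps the history, or mark each block with the reason, e.g. `#if 0 // --private-template disabled for 0.9.42~rc2, not yet re-enabled`. main() starts and ends outside these hunks.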
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 916e39892..ee5d8c159 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -630,7 +630,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
630 | return 0; | 630 | return 0; |
631 | } | 631 | } |
632 | 632 | ||
633 | 633 | #if 0 | |
634 | if (strncmp(ptr, "private-template ", 17) == 0) { | 634 | if (strncmp(ptr, "private-template ", 17) == 0) { |
635 | if (arg_private) { | 635 | if (arg_private) { |
636 | fprintf(stderr, "Error: --private and --private-template are mutually exclusive\n"); | 636 | fprintf(stderr, "Error: --private and --private-template are mutually exclusive\n"); |
@@ -642,6 +642,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
642 | 642 | ||
643 | return 0; | 643 | return 0; |
644 | } | 644 | } |
645 | #endif | ||
645 | // private /etc list of files and directories | 646 | // private /etc list of files and directories |
646 | if (strncmp(ptr, "private-etc ", 12) == 0) { | 647 | if (strncmp(ptr, "private-etc ", 12) == 0) { |
647 | if (arg_writable_etc) { | 648 | if (arg_writable_etc) { |
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 40df00a98..5f845fbd3 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
@@ -544,9 +544,11 @@ int sandbox(void* sandbox_arg) { | |||
544 | else // --private | 544 | else // --private |
545 | fs_private(); | 545 | fs_private(); |
546 | } | 546 | } |
547 | 547 | ||
548 | #if 0 | ||
548 | if (arg_private_template) | 549 | if (arg_private_template) |
549 | fs_private_template(); | 550 | fs_private_template(); |
551 | #endif | ||
550 | 552 | ||
551 | if (arg_private_dev) { | 553 | if (arg_private_dev) { |
552 | if (cfg.chrootdir) | 554 | if (cfg.chrootdir) |
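--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -221,10 +221,25 @@ $ firejail \-\-overlay-path=~/jails/jail1 firefox
 printf("\tfilesystems. All modifications are discarded when the sandbox is\n");
 printf("\tclosed.\n\n");
 printf(" --private=directory - use directory as user home.\n\n");
-
+#if 0
 printf(" --private-template=directory - same as --private but copy the\n");
 printf("\ttemplatedirectory in the tmpfs mounted user home.\n\n");
 
+.TP
+\fB\-\-private-template=templatedir
+Mount new /root and /home/user directories in temporary
+filesystems, and copy all files in templatedir. All modifications are discarded when the sandbox is
+closed.
+.br
+
+.br
+Example:
+.br
+$ firejail \-\-private-template=/home/netblue/.config/mozilla firefox
+#endif
+
+
+
 printf(" --private-bin=file,file - build a new /bin in a temporary filesystem,\n");
 printf("\tand copy the programs in the list.\n\n");
 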
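Review bot: The `#if 0` block at new lines 224–239 pastes groff source from src/man/firejail.txt (`.TP`, `\fB\-\-private-template=templatedir`, `.br`, the example command) into a C file, and lines 240–242 add three empty lines; the preprocessor discards them, but they do not belong in usage.c. This commit already removes that text from firejail.txt, so the man-page lines should simply be dropped here, leaving at most the two printf() calls inside the `#if 0` with a one-line reason, e.g. `#if 0 // --private-template is disabled in 0.9.42~rc2`. The enclosing function starts and ends outside the hunk.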
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 19fca9854..434c29c0f 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -1086,18 +1086,6 @@ Example: | |||
1086 | $ firejail \-\-private=/home/netblue/firefox-home firefox | 1086 | $ firejail \-\-private=/home/netblue/firefox-home firefox |
1087 | 1087 | ||
1088 | .TP | 1088 | .TP |
1089 | \fB\-\-private-template=templatedir | ||
1090 | Mount new /root and /home/user directories in temporary | ||
1091 | filesystems, and copy all files in templatedir. All modifications are discarded when the sandbox is | ||
1092 | closed. | ||
1093 | .br | ||
1094 | |||
1095 | .br | ||
1096 | Example: | ||
1097 | .br | ||
1098 | $ firejail \-\-private-template=/home/netblue/.config/mozilla firefox | ||
1099 | |||
1100 | .TP | ||
1101 | \fB\-\-private-bin=file,file | 1089 | \fB\-\-private-bin=file,file |
1102 | Build a new /bin in a temporary filesystem, and copy the programs in the list. | 1090 | Build a new /bin in a temporary filesystem, and copy the programs in the list. |
1103 | If no listed file is found, /bin directory will be empty. | 1091 | If no listed file is found, /bin directory will be empty. |