diff options
| author |  netblue30 <netblue30@yahoo.com> | 2018-09-03 14:51:41 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2018-09-03 14:51:41 -0400 |
| commit | 8f34c477232df8169dd7a3953a9d9ab7a8cc2b8f (patch) | |
| tree | f176a6f5881faf1fc1265f9be1b063ebaa67148b | |
| parent | adding fluxbox, blackbox, awesome, i3 profiles (diff) | |
| download | firejail-8f34c477232df8169dd7a3953a9d9ab7a8cc2b8f.tar.gz firejail-8f34c477232df8169dd7a3953a9d9ab7a8cc2b8f.tar.zst firejail-8f34c477232df8169dd7a3953a9d9ab7a8cc2b8f.zip | |
fix --shell
| -rw-r--r-- | src/firejail/main.c | 13 |
1 files changed, 5 insertions, 8 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index c335ef13d..fe9118580 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -771,18 +771,15 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
| 771 | 771 | ||
| 772 | } | 772 | } |
| 773 | 773 | ||
| 774 | |||
| 775 | |||
| 776 | char *guess_shell(void) { | 774 | char *guess_shell(void) { |
| 777 | char *shell = NULL; | 775 | char *shell = NULL; |
| 778 | struct stat s; | 776 | struct stat s; |
| 779 | 777 | ||
| 780 | shell = getenv("SHELL"); | 778 | shell = getenv("SHELL"); |
| 781 | if (shell) { | 779 | if (shell) { |
| 782 | // TODO: handle rogue shell variables? | 780 | invalid_filename(shell, 0); // no globbing |
| 783 | if (stat(shell, &s) == 0 && access(shell, R_OK) == 0) { | 781 | if (!is_dir(shell) && strstr(shell, "..") == NULL && stat(shell, &s) == 0 && access(shell, X_OK) == 0) |
| 784 | return shell; | 782 | return shell; |
| 785 | } | ||
| 786 | } | 783 | } |
| 787 | 784 | ||
| 788 | // shells in order of preference | 785 | // shells in order of preference |
| @@ -791,7 +788,7 @@ char *guess_shell(void) { | |||
| 791 | int i = 0; | 788 | int i = 0; |
| 792 | while (shells[i] != NULL) { | 789 | while (shells[i] != NULL) { |
| 793 | // access call checks as real UID/GID, not as effective UID/GID | 790 | // access call checks as real UID/GID, not as effective UID/GID |
| 794 | if (stat(shells[i], &s) == 0 && access(shells[i], R_OK) == 0) { | 791 | if (stat(shells[i], &s) == 0 && access(shells[i], X_OK) == 0) { |
| 795 | shell = shells[i]; | 792 | shell = shells[i]; |
| 796 | break; | 793 | break; |
| 797 | } | 794 | } |
| @@ -2142,12 +2139,12 @@ int main(int argc, char **argv) { | |||
| 2142 | char *shellpath; | 2139 | char *shellpath; |
| 2143 | if (asprintf(&shellpath, "%s%s", cfg.chrootdir, cfg.shell) == -1) | 2140 | if (asprintf(&shellpath, "%s%s", cfg.chrootdir, cfg.shell) == -1) |
| 2144 | errExit("asprintf"); | 2141 | errExit("asprintf"); |
| 2145 | if (access(shellpath, R_OK)) { | 2142 | if (access(shellpath, X_OK)) { |
| 2146 | fprintf(stderr, "Error: cannot access shell file in chroot\n"); | 2143 | fprintf(stderr, "Error: cannot access shell file in chroot\n"); |
| 2147 | exit(1); | 2144 | exit(1); |
| 2148 | } | 2145 | } |
| 2149 | free(shellpath); | 2146 | free(shellpath); |
| 2150 | } else if (access(cfg.shell, R_OK)) { | 2147 | } else if (access(cfg.shell, X_OK)) { |
| 2151 | fprintf(stderr, "Error: cannot access shell file\n"); | 2148 | fprintf(stderr, "Error: cannot access shell file\n"); |
| 2152 | exit(1); | 2149 | exit(1); |
| 2153 | } | 2150 | } |