diff options
| author |  smitsohu <smitsohu@gmail.com> | 2018-10-02 17:31:12 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2018-10-02 17:31:12 +0200 |
| commit | a375511686701ab2094980804f4c81ea06c3469b (patch) | |
| tree | d6ff63e598f3fb1661b4776c3b53383c8ab260d9 | |
| parent | mount empty home if macro can't be whitelisted (diff) | |
| download | firejail-a375511686701ab2094980804f4c81ea06c3469b.tar.gz firejail-a375511686701ab2094980804f4c81ea06c3469b.tar.zst firejail-a375511686701ab2094980804f4c81ea06c3469b.zip | |
incomplete fix: whitelisting of symlinks to other home dirs
belongs to previous commit 51eeef2059f00de117472046601e10a9fd958d51
short summary of the new behavior, which should catch a few corner cases better:
- a non-existant file in another homedir (say homedirs are "/foo/user" and "/foo/user2") is silently ignored (previously a tmpfs was
mounted on the users homedir, which was wrong)
- a symlink pointing to an existing file in another homedir now works (but the link will be always dangling; you need --allusers to see this)
- a symlink pointing back to the entire homedir now works as expected
| -rw-r--r-- | src/firejail/fs_whitelist.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index 2d4640430..6dd4a7e2d 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c | |||
| @@ -430,7 +430,7 @@ void fs_whitelist(void) { | |||
| 430 | 430 | ||
| 431 | // if 1 the file was not found; mount an empty directory | 431 | // if 1 the file was not found; mount an empty directory |
| 432 | if (!nowhitelist_flag) { | 432 | if (!nowhitelist_flag) { |
| 433 | if (strncmp(new_name, cfg.homedir, strlen(cfg.homedir)) == 0) { | 433 | if (strncmp(new_name, cfg.homedir, strlen(cfg.homedir)) == 0 && new_name[strlen(cfg.homedir)] == '/') { |
| 434 | if(!arg_private) | 434 | if(!arg_private) |
| 435 | home_dir = 1; | 435 | home_dir = 1; |
| 436 | } | 436 | } |