author | netblue30 <netblue30@yahoo.com> | 2016-06-03 09:20:55 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-06-03 09:20:55 -0400 |
commit | ae906b1042ee87166f43488adf4910d8d1b60af4 (patch) | |
tree | c7e22df6386ebd6fd8a4b1a23affccf7746b00ec | |
parent | lxc test fixes (diff) | |
fixed firejail symlink problem for --private-bin option
-rw-r--r-- | src/firejail/fs_bin.c | 19 |
1 files changed, 18 insertions, 1 deletions
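--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -48,8 +48,25 @@ static char *check_dir_or_file(const char *name) {
 errExit("asprintf");
 if (arg_debug)
 printf("Checking %s/%s\n", paths[i], name);
-if (stat(fname, &s) == 0 && !S_ISDIR(s.st_mode)) // do not allow directories
+if (stat(fname, &s) == 0 && !S_ISDIR(s.st_mode)) { // do not allow directories
+// check symlink to firejail executable in /usr/local/bin
+if (strcmp(paths[i], "/usr/local/bin") == 0 && is_link(fname)) {
+char *actual_path = realpath(fname, NULL);
+if (actual_path) {
+char *ptr = strstr(actual_path, "/firejail");
+if (ptr && strlen(ptr) == strlen("/firejail")) {
+if (arg_debug)
+printf("firejail exec symlink detected\n");
+free(fname);
+fname = NULL;
+i++;
+continue;
+}
+}
+
+}
 break; // file found
+}
 
 free(fname);
 fname = NULL;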
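Review bot: The buffer returned by `realpath(fname, NULL)` is never freed, so every symlink examined in /usr/local/bin leaks `actual_path`, both on the match path before `continue` and on the fall-through to `break`; add `free(actual_path);` on both paths. The suffix test also relies on `strstr`, which returns the first occurrence of "/firejail", so a resolved target whose directory part already contains "/firejail" would fail the length comparison and the wrapper symlink would still be accepted as the program for --private-bin. Using `char *ptr = strrchr(actual_path, '/');` with `if (ptr && strcmp(ptr, "/firejail") == 0)` compares only the final path component. The enclosing loop of check_dir_or_file starts outside the hunk, so whether the manual `i++` before `continue` matches the loop's own increment cannot be confirmed from here.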