authorLibravatar smitsohu <smitsohu@gmail.com>2018-08-30 00:58:21 +0200
committerLibravatar smitsohu <smitsohu@gmail.com>2018-08-30 00:58:21 +0200
commitbbac3af66e82f9f0fbfdbbdf1c0e7e3cbaea6be7 (patch)
tree04a8ace3149edbdbe9648dd85c94f7a77e5f737d
parentreject chroot if it is world-writable, related enhancements (diff)
little tweak
-rw-r--r--src/firejail/main.c7
1 files changed, 3 insertions, 4 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 435c04d76..6170806f9 100644
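--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1500,15 +1500,14 @@ int main(int argc, char **argv) {
 cfg.chrootdir = tmp;
 }
 
-// check chroot dirname exists
-if (strstr(cfg.chrootdir, "..") || !is_dir(cfg.chrootdir) || is_link(cfg.chrootdir)) {
+if (strstr(cfg.chrootdir, "..") || is_link(cfg.chrootdir)) {
 fprintf(stderr, "Error: invalid chroot directory %s\n", cfg.chrootdir);
 return 1;
 }
 
-// don't allow "--chroot=/"
+// check chroot dirname exists, don't allow "--chroot=/"
 char *rpath = realpath(cfg.chrootdir, NULL);
-if (rpath == NULL || strcmp(rpath, "/") == 0) {
+if (rpath == NULL || !is_dir(rpath) || strcmp(rpath, "/") == 0) {
 fprintf(stderr, "Error: invalid chroot directory\n");
 exit(1);
 }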
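Review bot: The directory test at new line 1510 now runs on `rpath`, while the `..` and symlink tests at new line 1503 still run on `cfg.chrootdir`, so the checks no longer describe the same string, and all of them are made by path name rather than on an open descriptor. If this binary runs with elevated privileges, that leaves a window in which a path component can change between the check and the later use; which of the two paths the rest of `main` uses is outside the hunk and should be confirmed there. I would carry the canonical path forward, e.g. `cfg.chrootdir = rpath;` after the check (provided nothing later frees `rpath`), and add a comment such as `// all later chroot checks must use the realpath result validated here`. The two failure branches also differ (`return 1;` versus `exit(1);`) and only the first message names the directory; making them uniform would help users diagnose a rejected `--chroot`.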