aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLibravatar ಚಿರಾಗ್ ನಟರಾಜ್ <chiraag.nataraj@gmail.com>2018-07-31 12:03:20 -0400
committerLibravatar ಚಿರಾಗ್ ನಟರಾಜ್ <chiraag.nataraj@gmail.com>2018-07-31 12:03:20 -0400
commit5deab9ef051e37156d445c7133843b6572809292 (patch)
treeeefe20a46b626684e56795cfa5eadf991c7bdf93
parentSound fixes (diff)
downloadfirejail-5deab9ef051e37156d445c7133843b6572809292.tar.gz
firejail-5deab9ef051e37156d445c7133843b6572809292.tar.zst
firejail-5deab9ef051e37156d445c7133843b6572809292.zip
Check to see if expand_home is called as root and switch to user (and restore root at the end)
Diffstat
-rw-r--r--src/firejail/util.c47
1 files changed, 45 insertions, 2 deletions
diff --git a/src/firejail/util.c b/src/firejail/util.c
index 0d6f5ea02..d501a469d 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -77,7 +77,6 @@ char *doentry[] = {
77}; 77};
78 78
79char *resolve_xdg(int flags, const char *var, size_t length, const char *prnt) { 79char *resolve_xdg(int flags, const char *var, size_t length, const char *prnt) {
80 /* EUID_ASSERT(); */
81 char *fname; 80 char *fname;
82 struct stat s; 81 struct stat s;
83 82
@@ -143,7 +142,6 @@ char *resolve_xdg(int flags, const char *var, size_t length, const char *prnt) {
143} 142}
144 143
145char *resolve_hardcoded(int flags, char *entries[], const char *prnt) { 144char *resolve_hardcoded(int flags, char *entries[], const char *prnt) {
146 /* EUID_ASSERT(); */
147 char *fname; 145 char *fname;
148 struct stat s; 146 struct stat s;
149 147
@@ -865,22 +863,39 @@ void notify_other(int fd) {
865char *expand_home(const char *path, const char* homedir) { 863char *expand_home(const char *path, const char* homedir) {
866 assert(path); 864 assert(path);
867 assert(homedir); 865 assert(homedir);
866
867 int called_as_root = 0;
868
869 if(geteuid() == 0)
870 called_as_root = 1;
871
872 if(called_as_root) {
873 EUID_USER();
874 }
875
876 EUID_ASSERT();
868 877
869 // Replace home macro 878 // Replace home macro
870 char *new_name = NULL; 879 char *new_name = NULL;
871 if (strncmp(path, "${HOME}", 7) == 0) { 880 if (strncmp(path, "${HOME}", 7) == 0) {
872 if (asprintf(&new_name, "%s%s", homedir, path + 7) == -1) 881 if (asprintf(&new_name, "%s%s", homedir, path + 7) == -1)
873 errExit("asprintf"); 882 errExit("asprintf");
883 if(called_as_root)
884 EUID_ROOT();
874 return new_name; 885 return new_name;
875 } 886 }
876 else if (*path == '~') { 887 else if (*path == '~') {
877 if (asprintf(&new_name, "%s%s", homedir, path + 1) == -1) 888 if (asprintf(&new_name, "%s%s", homedir, path + 1) == -1)
878 errExit("asprintf"); 889 errExit("asprintf");
890 if(called_as_root)
891 EUID_ROOT();
879 return new_name; 892 return new_name;
880 } 893 }
881 else if (strncmp(path, "${CFG}", 6) == 0) { 894 else if (strncmp(path, "${CFG}", 6) == 0) {
882 if (asprintf(&new_name, "%s%s", SYSCONFDIR, path + 6) == -1) 895 if (asprintf(&new_name, "%s%s", SYSCONFDIR, path + 6) == -1)
883 errExit("asprintf"); 896 errExit("asprintf");
897 if(called_as_root)
898 EUID_ROOT();
884 return new_name; 899 return new_name;
885 } 900 }
886 901
@@ -890,11 +905,15 @@ char *expand_home(const char *path, const char* homedir) {
890 if(tmp) { 905 if(tmp) {
891 if (asprintf(&new_name, "%s/%s%s", homedir, tmp, path + 12) == -1) 906 if (asprintf(&new_name, "%s/%s%s", homedir, tmp, path + 12) == -1)
892 errExit("asprintf"); 907 errExit("asprintf");
908 if(called_as_root)
909 EUID_ROOT();
893 return new_name; 910 return new_name;
894 } 911 }
895 else if(tmp2) { 912 else if(tmp2) {
896 if (asprintf(&new_name, "%s/%s%s", homedir, tmp2, path + 12) == -1) 913 if (asprintf(&new_name, "%s/%s%s", homedir, tmp2, path + 12) == -1)
897 errExit("asprintf"); 914 errExit("asprintf");
915 if(called_as_root)
916 EUID_ROOT();
898 return new_name; 917 return new_name;
899 } 918 }
900 } 919 }
@@ -905,11 +924,15 @@ char *expand_home(const char *path, const char* homedir) {
905 if(tmp) { 924 if(tmp) {
906 if (asprintf(&new_name, "%s/%s%s", homedir, tmp, path + 8) == -1) 925 if (asprintf(&new_name, "%s/%s%s", homedir, tmp, path + 8) == -1)
907 errExit("asprintf"); 926 errExit("asprintf");
927 if(called_as_root)
928 EUID_ROOT();
908 return new_name; 929 return new_name;
909 } 930 }
910 else if(tmp2) { 931 else if(tmp2) {
911 if (asprintf(&new_name, "%s/%s%s", homedir, tmp2, path + 8) == -1) 932 if (asprintf(&new_name, "%s/%s%s", homedir, tmp2, path + 8) == -1)
912 errExit("asprintf"); 933 errExit("asprintf");
934 if(called_as_root)
935 EUID_ROOT();
913 return new_name; 936 return new_name;
914 } 937 }
915 } 938 }
@@ -920,11 +943,15 @@ char *expand_home(const char *path, const char* homedir) {
920 if(tmp) { 943 if(tmp) {
921 if (asprintf(&new_name, "%s/%s%s", homedir, tmp, path + 9) == -1) 944 if (asprintf(&new_name, "%s/%s%s", homedir, tmp, path + 9) == -1)
922 errExit("asprintf"); 945 errExit("asprintf");
946 if(called_as_root)
947 EUID_ROOT();
923 return new_name; 948 return new_name;
924 } 949 }
925 else if(tmp2) { 950 else if(tmp2) {
926 if (asprintf(&new_name, "%s/%s%s", homedir, tmp2, path + 9) == -1) 951 if (asprintf(&new_name, "%s/%s%s", homedir, tmp2, path + 9) == -1)
927 errExit("asprintf"); 952 errExit("asprintf");
953 if(called_as_root)
954 EUID_ROOT();
928 return new_name; 955 return new_name;
929 } 956 }
930 } 957 }
@@ -935,11 +962,15 @@ char *expand_home(const char *path, const char* homedir) {
935 if(tmp) { 962 if(tmp) {
936 if (asprintf(&new_name, "%s/%s%s", homedir, tmp, path + 11) == -1) 963 if (asprintf(&new_name, "%s/%s%s", homedir, tmp, path + 11) == -1)
937 errExit("asprintf"); 964 errExit("asprintf");
965 if(called_as_root)
966 EUID_ROOT();
938 return new_name; 967 return new_name;
939 } 968 }
940 else if(tmp2) { 969 else if(tmp2) {
941 if (asprintf(&new_name, "%s/%s%s", homedir, tmp2, path + 11) == -1) 970 if (asprintf(&new_name, "%s/%s%s", homedir, tmp2, path + 11) == -1)
942 errExit("asprintf"); 971 errExit("asprintf");
972 if(called_as_root)
973 EUID_ROOT();
943 return new_name; 974 return new_name;
944 } 975 }
945 } 976 }
@@ -950,11 +981,15 @@ char *expand_home(const char *path, const char* homedir) {
950 if(tmp) { 981 if(tmp) {
951 if (asprintf(&new_name, "%s/%s%s", homedir, tmp, path + 10) == -1) 982 if (asprintf(&new_name, "%s/%s%s", homedir, tmp, path + 10) == -1)
952 errExit("asprintf"); 983 errExit("asprintf");
984 if(called_as_root)
985 EUID_ROOT();
953 return new_name; 986 return new_name;
954 } 987 }
955 else if(tmp2) { 988 else if(tmp2) {
956 if (asprintf(&new_name, "%s/%s%s", homedir, tmp2, path + 10) == -1) 989 if (asprintf(&new_name, "%s/%s%s", homedir, tmp2, path + 10) == -1)
957 errExit("asprintf"); 990 errExit("asprintf");
991 if(called_as_root)
992 EUID_ROOT();
958 return new_name; 993 return new_name;
959 } 994 }
960 } 995 }
@@ -965,11 +1000,15 @@ char *expand_home(const char *path, const char* homedir) {
965 if(tmp) { 1000 if(tmp) {
966 if (asprintf(&new_name, "%s/%s%s", homedir, tmp, path + 12) == -1) 1001 if (asprintf(&new_name, "%s/%s%s", homedir, tmp, path + 12) == -1)
967 errExit("asprintf"); 1002 errExit("asprintf");
1003 if(called_as_root)
1004 EUID_ROOT();
968 return new_name; 1005 return new_name;
969 } 1006 }
970 else if(tmp2) { 1007 else if(tmp2) {
971 if (asprintf(&new_name, "%s/%s%s", homedir, tmp2, path + 12) == -1) 1008 if (asprintf(&new_name, "%s/%s%s", homedir, tmp2, path + 12) == -1)
972 errExit("asprintf"); 1009 errExit("asprintf");
1010 if(called_as_root)
1011 EUID_ROOT();
973 return new_name; 1012 return new_name;
974 } 1013 }
975 } 1014 }
@@ -977,6 +1016,10 @@ char *expand_home(const char *path, const char* homedir) {
977 char *rv = strdup(path); 1016 char *rv = strdup(path);
978 if (!rv) 1017 if (!rv)
979 errExit("strdup"); 1018 errExit("strdup");
1019
1020 if(called_as_root)
1021 EUID_ROOT();
1022
980 return rv; 1023 return rv;
981} 1024}
982 1025
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-08 14:11:20 +0000