fixed join/shutdown problem, moving browsers and mail clients to a --shell=none default in profile files

13 files changed, 76 insertions, 32 deletions

diff --git a/etc/chromium.profile b/etc/chromium.profile
index 6c3a5f2f8..81a4d7861 100644
--- a/etc/chromium.profile
+++ b/etc/chromium.profile
@@ -5,5 +5,7 @@ include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-history.inc
 netfilter
+shell none
+
 
 
diff --git a/etc/firefox.profile b/etc/firefox.profile
index fae7d7ad4..ec95324c8 100644
--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -8,5 +8,7 @@ caps.drop all
 seccomp
 netfilter
 noroot
+shell none
+
 
 
diff --git a/etc/midori.profile b/etc/midori.profile
index 7ce9b7151..a1089d2d7 100644
--- a/etc/midori.profile
+++ b/etc/midori.profile
@@ -7,4 +7,5 @@ include /etc/firejail/disable-history.inc
 caps.drop all
 seccomp
 netfilter
+shell none
 
diff --git a/etc/opera.profile b/etc/opera.profile
index d55c0aaa3..c20e6b614 100644
--- a/etc/opera.profile
+++ b/etc/opera.profile
@@ -6,5 +6,6 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-history.inc
 netfilter
 noroot
+shell none
 
 
diff --git a/etc/thunderbird.profile b/etc/thunderbird.profile
index 9305d06b0..e2f1f338b 100644
--- a/etc/thunderbird.profile
+++ b/etc/thunderbird.profile
@@ -20,4 +20,5 @@ caps.drop all
 seccomp
 netfilter
 noroot
+shell none
 
diff --git a/src/firejail/caps.c b/src/firejail/caps.c
index 12d0eec57..7c5f9d2d9 100644
--- a/src/firejail/caps.c
+++ b/src/firejail/caps.c
@@ -427,14 +427,9 @@ void caps_print_filter(pid_t pid) {
         // check privileges for non-root users
         uid_t uid = getuid();
         if (uid != 0) {
-                struct stat s;
-                char *dir;
-                if (asprintf(&dir, "/proc/%u/ns", pid) == -1)
-                        errExit("asprintf");
-                if (stat(dir, &s) < 0)
-                        errExit("stat");
-                if (s.st_uid != uid) {
-                        printf("Error: permission denied.\n");
+                uid_t sandbox_uid = pid_get_uid(pid);
+                if (uid != sandbox_uid) {
+                        fprintf(stderr, "Error: permission denied.\n");
                         exit(1);
                 }
         }
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 6a88d7e17..2e82dabc9 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -295,6 +295,7 @@ void wait_for_other(int fd);
 void notify_other(int fd);
 char *expand_home(const char *path, const char* homedir);
 const char *gnu_basename(const char *path);
+uid_t pid_get_uid(pid_t pid);
 
 // fs_var.c
 void fs_var_log(void);  // mounting /var/log
diff --git a/src/firejail/join.c b/src/firejail/join.c
index fcc5e05d1..acd17366a 100644
--- a/src/firejail/join.c
+++ b/src/firejail/join.c
@@ -215,13 +215,8 @@ void join(pid_t pid, const char *homedir, int argc, char **argv, int index) {
         // check privileges for non-root users
         uid_t uid = getuid();
         if (uid != 0) {
-                struct stat s;
-                char *dir;
-                if (asprintf(&dir, "/proc/%u/ns", pid) == -1)
-                        errExit("asprintf");
-                if (stat(dir, &s) < 0)
-                        errExit("stat");
-                if (s.st_uid != uid) {
+                uid_t sandbox_uid = pid_get_uid(pid);
+                if (uid != sandbox_uid) {
                         fprintf(stderr, "Error: permission is denied to join a sandbox created by a different user.\n");
                         exit(1);
                 }
diff --git a/src/firejail/seccomp.c b/src/firejail/seccomp.c
index 7c0bd322d..5d6bc1de9 100644
--- a/src/firejail/seccomp.c
+++ b/src/firejail/seccomp.c
@@ -783,14 +783,9 @@ void seccomp_print_filter(pid_t pid) {
         // check privileges for non-root users
         uid_t uid = getuid();
         if (uid != 0) {
-                struct stat s;
-                char *dir;
-                if (asprintf(&dir, "/proc/%u/ns", pid) == -1)
-                        errExit("asprintf");
-                if (stat(dir, &s) < 0)
-                        errExit("stat");
-                if (s.st_uid != uid) {
-                        printf("Error: permission denied.\n");
+                uid_t sandbox_uid = pid_get_uid(pid);
+                if (uid != sandbox_uid) {
+                        fprintf(stderr, "Error: permission denied.\n");
                         exit(1);
                 }
         }
diff --git a/src/firejail/shutdown.c b/src/firejail/shutdown.c
index f37869bd0..649f86800 100644
--- a/src/firejail/shutdown.c
+++ b/src/firejail/shutdown.c
@@ -60,13 +60,8 @@ void shut(pid_t pid) {
         // check privileges for non-root users
         uid_t uid = getuid();
         if (uid != 0) {
-                struct stat s;
-                char *dir;
-                if (asprintf(&dir, "/proc/%u/ns", pid) == -1)
-                        errExit("asprintf");
-                if (stat(dir, &s) < 0)
-                        errExit("stat");
-                if (s.st_uid != uid) {
+                uid_t sandbox_uid = pid_get_uid(pid);
+                if (uid != sandbox_uid) {
                         fprintf(stderr, "Error: permission is denied to shutdown a sandbox created by a different user.\n");
                         exit(1);
                 }
diff --git a/src/firejail/util.c b/src/firejail/util.c
index a9e96266c..9ad937f55 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -492,3 +492,46 @@ const char *gnu_basename(const char *path)
                 return path;
         return last_slash+1;
 }
+
+uid_t pid_get_uid(pid_t pid) {
+        uid_t rv = 0;
+        
+        // open status file
+        char *file;
+        if (asprintf(&file, "/proc/%u/status", pid) == -1) {
+                perror("asprintf");
+                exit(1);
+        }
+        FILE *fp = fopen(file, "r");
+        if (!fp) {
+                free(file);
+                fprintf(stderr, "Error: cannot open /proc file\n");
+                exit(1);
+        }
+
+        // extract uid
+        static const int PIDS_BUFLEN = 1024;
+        char buf[PIDS_BUFLEN];
+        while (fgets(buf, PIDS_BUFLEN - 1, fp)) {
+                if (strncmp(buf, "Uid:", 4) == 0) {
+                        char *ptr = buf + 5;
+                        while (*ptr != '\0' && (*ptr == ' ' || *ptr == '\t')) {
+                                ptr++;
+                        }
+                        if (*ptr == '\0')
+                                break;
+                                
+                        rv = atoi(ptr);
+                        break; // break regardless!
+                }
+        }
+
+        fclose(fp);
+        free(file);
+        
+        if (rv == 0) {
+                fprintf(stderr, "Error: cannot read /proc file\n");
+                exit(1);
+        }
+        return rv;
+}
diff --git a/src/lib/pid.c b/src/lib/pid.c
index 1a1797ce2..720d4eeb6 100644
--- a/src/lib/pid.c
+++ b/src/lib/pid.c
@@ -137,7 +137,7 @@ char *pid_get_user_name(uid_t uid) {
 uid_t pid_get_uid(pid_t pid) {
         uid_t rv = 0;
         
-        // open stat file
+        // open statua file
         char *file;
         if (asprintf(&file, "/proc/%u/status", pid) == -1) {
                 perror("asprintf");
@@ -149,7 +149,7 @@ uid_t pid_get_uid(pid_t pid) {
                 return 0;
         }
 
-        // look for firejail executable name
+        // extract uid
         char buf[PIDS_BUFLEN];
         while (fgets(buf, PIDS_BUFLEN - 1, fp)) {
                 if (strncmp(buf, "Uid:", 4) == 0) {
diff --git a/todo b/todo
index 588eac18c..c9003c4d7 100644
--- a/todo
+++ b/todo
@@ -69,5 +69,18 @@ profile_syntax.exp (profile syntax)
 fs_chroot.exp (chroot as user)
 private-etc.exp
 
+8. Disable /dev/tcp in bash. Compiled time: --enable-net-redirections, --disable-net-redirections
+ksh and zsh seem to have it.
 
+Tests:
+a)
+cat </dev/tcp/time.nist.gov/13
+
+b)
+exec 3<>/dev/tcp/www.google.com/80
+echo -e "GET / HTTP/1.1\r\nhost: http://www.google.com\r\nConnection: close\r\n\r\n" >&3
+cat <&3
+
+c) A list of attacks
+http://www.lanmaster53.com/2011/05/7-linux-shells-using-built-in-tools/