reverted back commit 22414ad - TOCTOU condition found by Martin Carpenter

author: netblue30 <netblue30@yahoo.com> 2017-03-25 11:44:02 -0400
committer: netblue30 <netblue30@yahoo.com> 2017-03-25 11:44:02 -0400
commit: 2131e7379f1fa2531321ee4b0ea50bcb2c8156b8 (patch)
tree: 0363f0e9a7b0fbc0d9d23c50233c18f7de383b7b
parent: Use thunderbird instead of icedove for testing (diff)
download: firejail-2131e7379f1fa2531321ee4b0ea50bcb2c8156b8.tar.gz
firejail-2131e7379f1fa2531321ee4b0ea50bcb2c8156b8.tar.zst
firejail-2131e7379f1fa2531321ee4b0ea50bcb2c8156b8.zip
3 files changed, 4 insertions, 16 deletions
diff --git a/RELNOTES b/RELNOTES
index 61732c390..4775cf0f6 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -34,9 +34,6 @@ firejail (0.9.45) baseline; urgency=low
  * feature: allow /tmp directory in mkdir and mkfile profile commands
  * feature: implemented --noblacklist command, profile support
  * feature: config support to disable access to /mnt and /media (disable-mnt)
-  * feature: allow tmpfs for regular users for files in home directory
-  * feature: mount a tmpfs on top of ~/.cache directory by default
-  * feature: config support to disable tmpfs mounting on ~/.cache (cache-tmpfs)
  * feature: config support to disable join (join)
  * new profiles: xiphos, Tor Browser Bundle, display (imagemagik), Wire,
  * new profiles: mumble, zoom, Guayadeque, qemu, keypass2, xed, pluma,
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index 3413febcb..e1bac33f3 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -481,6 +481,7 @@ void fs_mnt(void) {
 void fs_cache(void) {
+#if 0
        if (arg_debug)
                printf("Deploy ~/.cache tmpfs\n");
        char *cache;
@@ -488,6 +489,7 @@ void fs_cache(void) {
                errExit("asprintf");
        disable_file(MOUNT_TMPFS, cache);
        free(cache);
+#endif
 }
 // mount /proc and /sys directories
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 4b3cab041..993acf2aa 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -970,19 +970,8 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                ptr += 7;
        else if (strncmp(ptr, "tmpfs ", 6) == 0) {
                if (getuid() != 0) {
-                        // allow a non-root user  to mount tmpfs in user home directory, links are not allowed
+                        fprintf(stderr, "Error: tmpfs available only when running the sandbox as root\n");
-                        invalid_filename(ptr + 6);
+                        exit(1);
-                        char *newfname = expand_home(ptr + 6, cfg.homedir);
-                        assert(newfname);
-                        if (is_link(newfname)) {
-                                fprintf(stderr, "Error: for regular user, tmpfs is not available for symbolic links\n");
-                                exit(1);        
-                        }
-                        if (strncmp(newfname, cfg.homedir, strlen(cfg.homedir)) != 0) {
-                                fprintf(stderr, "Error: for regular user, tmpfs is available only for files in user home directory\n");
-                                exit(1);        
-                        }
-                        free(newfname);
                }
                ptr += 6;
        }
author	netblue30 <netblue30@yahoo.com>	2017-03-25 11:44:02 -0400
committer	netblue30 <netblue30@yahoo.com>	2017-03-25 11:44:02 -0400
commit	2131e7379f1fa2531321ee4b0ea50bcb2c8156b8 (patch)
tree	0363f0e9a7b0fbc0d9d23c50233c18f7de383b7b
parent	Use thunderbird instead of icedove for testing (diff)
download	firejail-2131e7379f1fa2531321ee4b0ea50bcb2c8156b8.tar.gz firejail-2131e7379f1fa2531321ee4b0ea50bcb2c8156b8.tar.zst firejail-2131e7379f1fa2531321ee4b0ea50bcb2c8156b8.zip