diff options
| author |  netblue30 <netblue30@protonmail.com> | 2023-03-09 16:42:04 -0500 |
|---|---|---|
| committer | netblue30 <netblue30@protonmail.com> | 2023-03-09 16:42:04 -0500 |
| commit | 66f8107330d3e1ebea6566f4288b8f41d8f36621 (patch) | |
| tree | d7cd0279bb0060c0ddb3dc5a4b44a054d8c83f56 | |
| parent | private-lib cleanup (diff) | |
| download | firejail-66f8107330d3e1ebea6566f4288b8f41d8f36621.tar.gz firejail-66f8107330d3e1ebea6566f4288b8f41d8f36621.tar.zst firejail-66f8107330d3e1ebea6566f4288b8f41d8f36621.zip | |
allow symlinks for .asoundrc (5709)
| -rw-r--r-- | src/firejail/fs_home.c | 18 |
1 files changed, 4 insertions, 14 deletions
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c index 624e74fe4..ac80456da 100644 --- a/src/firejail/fs_home.c +++ b/src/firejail/fs_home.c | |||
| @@ -185,20 +185,10 @@ static int store_asoundrc(void) { | |||
| 185 | errExit("asprintf"); | 185 | errExit("asprintf"); |
| 186 | 186 | ||
| 187 | struct stat s; | 187 | struct stat s; |
| 188 | if (lstat(src, &s) == 0) { | 188 | if (stat(src, &s) == 0) { |
| 189 | if (S_ISLNK(s.st_mode)) { | 189 | if (s.st_uid != getuid() || s.st_gid != getgid()) { |
| 190 | // make sure the real path of the file is inside the home directory | 190 | fwarning(".asoundrc is not owned by the current user, skipping...\n"); |
| 191 | /* coverity[toctou] */ | 191 | return 0; |
| 192 | char *rp = realpath(src, NULL); | ||
| 193 | if (!rp) { | ||
| 194 | fprintf(stderr, "Error: Cannot access %s\n", src); | ||
| 195 | exit(1); | ||
| 196 | } | ||
| 197 | if (strncmp(rp, cfg.homedir, strlen(cfg.homedir)) != 0 || rp[strlen(cfg.homedir)] != '/') { | ||
| 198 | fprintf(stderr, "Error: .asoundrc is a symbolic link pointing to a file outside home directory\n"); | ||
| 199 | exit(1); | ||
| 200 | } | ||
| 201 | free(rp); | ||
| 202 | } | 192 | } |
| 203 | 193 | ||
| 204 | // create an empty file as root, and change ownership to user | 194 | // create an empty file as root, and change ownership to user |