author | ಚಿರಾಗ್ ನಟರಾಜ್ <chiraag.nataraj@gmail.com> | 2018-08-16 09:42:58 -0400 |
---|---|---|
committer | ಚಿರಾಗ್ ನಟರಾಜ್ <chiraag.nataraj@gmail.com> | 2018-08-16 09:42:58 -0400 |
commit | b0f49116fb026fe08fc30c495c637c42ed3195ad (patch) | |
tree | 0656986b7e39f857f48c576f7671a29001a56ace /src/fbuilder/build_home.c | |
parent | harden private-home mounting, small improvements (diff) | |
Generate temporary filenames instead of using a fixed one (fixes #2083)
Diffstat (limited to 'src/fbuilder/build_home.c')
-rw-r--r-- | src/fbuilder/build_home.c | 37 |
1 files changed, 22 insertions, 15 deletions
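--- a/src/fbuilder/build_home.c
+++ b/src/fbuilder/build_home.c
@@ -47,17 +47,18 @@ static void load_whitelist_common(void) {
 	fclose(fp);
 }
 
-void process_home(const char *fname, char *home, int home_len) {
+void process_home(char *fname, FILE *fp, char *home, int home_len) {
 	assert(fname);
+	assert(fp);
 	assert(home);
 	assert(home_len);
 
 	// process trace file
-	FILE *fp = fopen(fname, "r");
-	if (!fp) {
-		fprintf(stderr, "Error: cannot open %s\n", fname);
-		exit(1);
-	}
+	/* FILE *fp = fdopen(fd, "r"); */
+	/* if (!fp) { */
+	/* 	fprintf(stderr, "Error: cannot open %s\n", fname); */
+	/* 	exit(1); */
+	/* } */
 
 	char buf[MAX_BUF];
 	while (fgets(buf, MAX_BUF, fp)) {
@@ -153,13 +154,15 @@ void process_home(const char *fname, char *home, int home_len) {
 		free(dir);
 
 	}
-	fclose(fp);
+	/* fclose(fp); */
 }
 
 
 // process fname, fname.1, fname.2, fname.3, fname.4, fname.5
-void build_home(const char *fname, FILE *fp) {
+void build_home(char *fname, FILE *fp, FILE *fpo) {
 	assert(fname);
+	assert(fp);
+	assert(fpo);
 
 	// load whitelist common
 	load_whitelist_common();
@@ -174,7 +177,7 @@ void build_home(const char *fname, FILE *fp) {
 	int home_len = strlen(home);
 
 	// run fname
-	process_home(fname, home, home_len);
+	process_home(fname, fp, home, home_len);
 
 	// run all the rest
 	struct stat s;
@@ -183,17 +186,21 @@ void build_home(const char *fname, FILE *fp) {
 		char *newname;
 		if (asprintf(&newname, "%s.%d", fname, i) == -1)
 			errExit("asprintf");
-		if (stat(newname, &s) == 0)
-			process_home(newname, home, home_len);
+		if (stat(newname, &s) == 0) {
+			int nfd = open(newname, O_RDONLY);
+			FILE *nfp = fdopen(nfd, "r");
+			process_home(newname, nfp, home, home_len);
+			fclose(nfp);
+		}
 		free(newname);
 	}
 
 	// print the out list if any
 	if (db_out) {
-		filedb_print(db_out, "whitelist ~/", fp);
-		fprintf(fp, "include /etc/firejail/whitelist-common.inc\n");
+		filedb_print(db_out, "whitelist ~/", fpo);
+		fprintf(fpo, "include /etc/firejail/whitelist-common.inc\n");
 	}
 	else
-		fprintf(fp, "private\n");
+		fprintf(fpo, "private\n");
 
-}
\ No newline at end of file
+}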
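Review bot: The result of `open(newname, O_RDONLY)` in the last hunk is never checked, so a failed open (-1) makes `fdopen` return NULL and `process_home` then trips its new `assert(fp)` — or, in an NDEBUG build, hands NULL to fgets — instead of reporting the error; add `if (nfd == -1) errExit("open");` after the open and `if (!nfp) errExit("fdopen");` after the fdopen, in the same style as the `errExit("asprintf")` two lines above. A successful stat() does not guarantee the later open() succeeds (the file can be replaced or become unreadable in between), which is why the check belongs at the open rather than being inferred from stat; this hunk sits inside build_home's for loop, whose header is outside the hunk. Separately, the fopen/fclose code in the first two hunks is commented out rather than deleted, which is misleading now that the caller owns the stream, so those `/* ... */` lines should be dropped. The `const` on `fname` was also removed from both signatures although neither function writes through it, so `const char *fname` should be kept.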