security fix

author: netblue30 <netblue30@yahoo.com> 2017-01-04 11:59:46 -0500
committer: netblue30 <netblue30@yahoo.com> 2017-01-04 11:59:46 -0500
commit: 60d4b478f65c60bcc825bb56f85fd6c4fd48b250 (patch)
tree: aa5f77b330912256340de9b673de0122b392579a /src/firejail/fs_home.c
parent: install the content of contrib section /usr/lib/firejail directory (diff)
download: firejail-60d4b478f65c60bcc825bb56f85fd6c4fd48b250.tar.gz
firejail-60d4b478f65c60bcc825bb56f85fd6c4fd48b250.tar.zst
firejail-60d4b478f65c60bcc825bb56f85fd6c4fd48b250.zip
1 files changed, 14 insertions, 0 deletions
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c
index 0872bf0d0..f5e545bf3 100644
--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -167,6 +167,13 @@ static void copy_xauthority(void) {
        char *dest;
        if (asprintf(&dest, "%s/.Xauthority", cfg.homedir) == -1)
                errExit("asprintf");
+        
+        // if destination is a symbolic link, exit the sandbox!!!
+        if (is_link(dest)) {
+                fprintf(stderr, "Error: %s is a symbolic link\n", dest);
+                exit(1);
+        }
        // copy, set permissions and ownership
        int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR);
        if (rv)
@@ -185,6 +192,13 @@ static void copy_asoundrc(void) {
        char *dest;
        if (asprintf(&dest, "%s/.asoundrc", cfg.homedir) == -1)
                errExit("asprintf");
+        
+        // if destination is a symbolic link, exit the sandbox!!!
+        if (is_link(dest)) {
+                fprintf(stderr, "Error: %s is a symbolic link\n", dest);
+                exit(1);
+        }
        // copy, set permissions and ownership
        int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR);
        if (rv)
author	netblue30 <netblue30@yahoo.com>	2017-01-04 11:59:46 -0500
committer	netblue30 <netblue30@yahoo.com>	2017-01-04 11:59:46 -0500
commit	60d4b478f65c60bcc825bb56f85fd6c4fd48b250 (patch)
tree	aa5f77b330912256340de9b673de0122b392579a /src/firejail/fs_home.c
parent	install the content of contrib section /usr/lib/firejail directory (diff)
download	firejail-60d4b478f65c60bcc825bb56f85fd6c4fd48b250.tar.gz firejail-60d4b478f65c60bcc825bb56f85fd6c4fd48b250.tar.zst firejail-60d4b478f65c60bcc825bb56f85fd6c4fd48b250.zip

diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c index 0872bf0d0..f5e545bf3 100644 --- a/src/firejail/fs_home.c +++ b/src/firejail/fs_home.c
@@ -167,6 +167,13 @@ static void copy_xauthority(void) {
167	char *dest;	167	char *dest;
168	if (asprintf(&dest, "%s/.Xauthority", cfg.homedir) == -1)	168	if (asprintf(&dest, "%s/.Xauthority", cfg.homedir) == -1)
169	errExit("asprintf");	169	errExit("asprintf");
		170
		171	// if destination is a symbolic link, exit the sandbox!!!
		172	if (is_link(dest)) {
		173	fprintf(stderr, "Error: %s is a symbolic link\n", dest);
		174	exit(1);
		175	}
		176
170	// copy, set permissions and ownership	177	// copy, set permissions and ownership
171	int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR \| S_IWUSR);	178	int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR \| S_IWUSR);
172	if (rv)	179	if (rv)
@@ -185,6 +192,13 @@ static void copy_asoundrc(void) {
185	char *dest;	192	char *dest;
186	if (asprintf(&dest, "%s/.asoundrc", cfg.homedir) == -1)	193	if (asprintf(&dest, "%s/.asoundrc", cfg.homedir) == -1)
187	errExit("asprintf");	194	errExit("asprintf");
		195
		196	// if destination is a symbolic link, exit the sandbox!!!
		197	if (is_link(dest)) {
		198	fprintf(stderr, "Error: %s is a symbolic link\n", dest);
		199	exit(1);
		200	}
		201
188	// copy, set permissions and ownership	202	// copy, set permissions and ownership
189	int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR \| S_IWUSR);	203	int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR \| S_IWUSR);
190	if (rv)	204	if (rv)