small private-cwd adjustments

author: smitsohu <smitsohu@gmail.com> 2019-05-24 23:37:04 +0200
committer: smitsohu <smitsohu@gmail.com> 2019-05-24 23:37:04 +0200
commit: c8e3cb72d477013adb57beb03417acb0f076d739 (patch)
tree: 12b774fe79bfe0c6107db222dac7d0c5fe10e0d8 /src/firejail/fs_home.c
parent: Merge pull request #2712 from apmorton/features/private-cwd (diff)
download: firejail-c8e3cb72d477013adb57beb03417acb0f076d739.tar.gz
firejail-c8e3cb72d477013adb57beb03417acb0f076d739.tar.zst
firejail-c8e3cb72d477013adb57beb03417acb0f076d739.zip
1 files changed, 4 insertions, 4 deletions
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c
index a1a16841a..3f6d78db4 100644
--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -371,15 +371,15 @@ void fs_check_private_dir(void) {
 }
 // check new private working directory (--private-cwd= option) - exit if it fails
-void fs_check_private_cwd(void) {
+void fs_check_private_cwd(const char *dir) {
        EUID_ASSERT();
-        invalid_filename(cfg.cwd, 0); // no globbing
+        invalid_filename(dir, 0); // no globbing
        // Expand the working directory
-        cfg.cwd = expand_macros(cfg.cwd);
+        cfg.cwd = expand_macros(dir);
        // realpath/is_dir not used because path may not exist outside of jail
-        if (!cfg.cwd) {
+        if (strstr(cfg.cwd, "..")) {
                fprintf(stderr, "Error: invalid private working directory\n");
                exit(1);
        }
author	smitsohu <smitsohu@gmail.com>	2019-05-24 23:37:04 +0200
committer	smitsohu <smitsohu@gmail.com>	2019-05-24 23:37:04 +0200
commit	c8e3cb72d477013adb57beb03417acb0f076d739 (patch)
tree	12b774fe79bfe0c6107db222dac7d0c5fe10e0d8 /src/firejail/fs_home.c
parent	Merge pull request #2712 from apmorton/features/private-cwd (diff)
download	firejail-c8e3cb72d477013adb57beb03417acb0f076d739.tar.gz firejail-c8e3cb72d477013adb57beb03417acb0f076d739.tar.zst firejail-c8e3cb72d477013adb57beb03417acb0f076d739.zip

diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c index a1a16841a..3f6d78db4 100644 --- a/src/firejail/fs_home.c +++ b/src/firejail/fs_home.c
@@ -371,15 +371,15 @@ void fs_check_private_dir(void) {
371	}	371	}
372		372
373	// check new private working directory (--private-cwd= option) - exit if it fails	373	// check new private working directory (--private-cwd= option) - exit if it fails
374	void fs_check_private_cwd(void) {	374	void fs_check_private_cwd(const char *dir) {
375	EUID_ASSERT();	375	EUID_ASSERT();
376	invalid_filename(cfg.cwd, 0); // no globbing	376	invalid_filename(dir, 0); // no globbing
377		377
378	// Expand the working directory	378	// Expand the working directory
379	cfg.cwd = expand_macros(cfg.cwd);	379	cfg.cwd = expand_macros(dir);
380		380
381	// realpath/is_dir not used because path may not exist outside of jail	381	// realpath/is_dir not used because path may not exist outside of jail
382	if (!cfg.cwd) {	382	if (strstr(cfg.cwd, "..")) {
383	fprintf(stderr, "Error: invalid private working directory\n");	383	fprintf(stderr, "Error: invalid private working directory\n");
384	exit(1);	384	exit(1);
385	}	385	}