diff options
| author |  netblue30 <netblue30@protonmail.com> | 2023-03-09 12:46:11 -0500 |
|---|---|---|
| committer | netblue30 <netblue30@protonmail.com> | 2023-03-09 12:46:11 -0500 |
| commit | b689b69f6c3b8a8ba633d6300cef6a19972d53dc (patch) | |
| tree | f3b4a14761bb8ad74aa408ea0f08e961c2e8e7a7 /src/firejail/fs_lib.c | |
| parent | testing (diff) | |
| download | firejail-b689b69f6c3b8a8ba633d6300cef6a19972d53dc.tar.gz firejail-b689b69f6c3b8a8ba633d6300cef6a19972d53dc.tar.zst firejail-b689b69f6c3b8a8ba633d6300cef6a19972d53dc.zip | |
make --private-lib a compile time option, disabled by default
Diffstat (limited to 'src/firejail/fs_lib.c')
| -rw-r--r-- | src/firejail/fs_lib.c | 60 |
1 files changed, 31 insertions, 29 deletions
diff --git a/src/firejail/fs_lib.c b/src/firejail/fs_lib.c index e349941fa..ba7a291ee 100644 --- a/src/firejail/fs_lib.c +++ b/src/firejail/fs_lib.c | |||
| @@ -32,35 +32,6 @@ extern void fslib_install_stdc(void); | |||
| 32 | extern void fslib_install_firejail(void); | 32 | extern void fslib_install_firejail(void); |
| 33 | extern void fslib_install_system(void); | 33 | extern void fslib_install_system(void); |
| 34 | 34 | ||
| 35 | static int lib_cnt = 0; | ||
| 36 | static int dir_cnt = 0; | ||
| 37 | |||
| 38 | static const char *masked_lib_dirs[] = { | ||
| 39 | "/usr/lib64", | ||
| 40 | "/lib64", | ||
| 41 | "/usr/lib", | ||
| 42 | "/lib", | ||
| 43 | "/usr/local/lib64", | ||
| 44 | "/usr/local/lib", | ||
| 45 | NULL, | ||
| 46 | }; | ||
| 47 | |||
| 48 | // return 1 if the file is in masked_lib_dirs[] | ||
| 49 | static int valid_full_path(const char *full_path) { | ||
| 50 | if (strstr(full_path, "..")) | ||
| 51 | return 0; | ||
| 52 | |||
| 53 | int i = 0; | ||
| 54 | while (masked_lib_dirs[i]) { | ||
| 55 | size_t len = strlen(masked_lib_dirs[i]); | ||
| 56 | if (strncmp(full_path, masked_lib_dirs[i], len) == 0 && | ||
| 57 | full_path[len] == '/') | ||
| 58 | return 1; | ||
| 59 | i++; | ||
| 60 | } | ||
| 61 | return 0; | ||
| 62 | } | ||
| 63 | |||
| 64 | // return 1 if symlink to firejail executable | 35 | // return 1 if symlink to firejail executable |
| 65 | int is_firejail_link(const char *fname) { | 36 | int is_firejail_link(const char *fname) { |
| 66 | EUID_ASSERT(); | 37 | EUID_ASSERT(); |
| @@ -116,6 +87,36 @@ char *find_in_path(const char *program) { | |||
| 116 | return NULL; | 87 | return NULL; |
| 117 | } | 88 | } |
| 118 | 89 | ||
| 90 | #ifdef HAVE_PRIVATE_LIB | ||
| 91 | static int lib_cnt = 0; | ||
| 92 | static int dir_cnt = 0; | ||
| 93 | |||
| 94 | static const char *masked_lib_dirs[] = { | ||
| 95 | "/usr/lib64", | ||
| 96 | "/lib64", | ||
| 97 | "/usr/lib", | ||
| 98 | "/lib", | ||
| 99 | "/usr/local/lib64", | ||
| 100 | "/usr/local/lib", | ||
| 101 | NULL, | ||
| 102 | }; | ||
| 103 | |||
| 104 | // return 1 if the file is in masked_lib_dirs[] | ||
| 105 | static int valid_full_path(const char *full_path) { | ||
| 106 | if (strstr(full_path, "..")) | ||
| 107 | return 0; | ||
| 108 | |||
| 109 | int i = 0; | ||
| 110 | while (masked_lib_dirs[i]) { | ||
| 111 | size_t len = strlen(masked_lib_dirs[i]); | ||
| 112 | if (strncmp(full_path, masked_lib_dirs[i], len) == 0 && | ||
| 113 | full_path[len] == '/') | ||
| 114 | return 1; | ||
| 115 | i++; | ||
| 116 | } | ||
| 117 | return 0; | ||
| 118 | } | ||
| 119 | |||
| 119 | static char *build_dest_dir(const char *full_path) { | 120 | static char *build_dest_dir(const char *full_path) { |
| 120 | assert(full_path); | 121 | assert(full_path); |
| 121 | if (strstr(full_path, "/x86_64-linux-gnu/")) | 122 | if (strstr(full_path, "/x86_64-linux-gnu/")) |
| @@ -465,3 +466,4 @@ void fs_private_lib(void) { | |||
| 465 | // mount lib filesystem | 466 | // mount lib filesystem |
| 466 | mount_directories(); | 467 | mount_directories(); |
| 467 | } | 468 | } |
| 469 | #endif \ No newline at end of file | ||