diff options
| author |  smitsohu <smitsohu@gmail.com> | 2021-05-16 15:48:14 +0200 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2021-05-16 15:48:14 +0200 |
| commit | 825ac9cdc38c4285584e69d6f29102b149914dfe (patch) | |
| tree | fd65f17f166a535f9a619c044022a3b933cc5f0c /src/firejail/fs_logger.c | |
| parent | Update disable-common.inc (diff) | |
| download | firejail-825ac9cdc38c4285584e69d6f29102b149914dfe.tar.gz firejail-825ac9cdc38c4285584e69d6f29102b149914dfe.tar.zst firejail-825ac9cdc38c4285584e69d6f29102b149914dfe.zip | |
open files O_CLOEXEC|O_EXCL
Dumb patch that adds O_CLOEXEC to all open/fopen
calls, even where it is obviously pointless.
While at it, also add O_EXCL where it might be
considered useful, for example to clear Coverity
warnings, or on files that subsequently are used
to configure a join sandbox.
Pure defense in depth, this patch should have no
observable effects.
Diffstat (limited to 'src/firejail/fs_logger.c')
| -rw-r--r-- | src/firejail/fs_logger.c | 25 |
1 files changed, 5 insertions, 20 deletions
diff --git a/src/firejail/fs_logger.c b/src/firejail/fs_logger.c index 67ad4b52e..604e297b1 100644 --- a/src/firejail/fs_logger.c +++ b/src/firejail/fs_logger.c | |||
| @@ -92,7 +92,7 @@ void fs_logger_print(void) { | |||
| 92 | if (!head) | 92 | if (!head) |
| 93 | return; | 93 | return; |
| 94 | 94 | ||
| 95 | FILE *fp = fopen(RUN_FSLOGGER_FILE, "a"); | 95 | FILE *fp = fopen(RUN_FSLOGGER_FILE, "ae"); |
| 96 | if (!fp) { | 96 | if (!fp) { |
| 97 | perror("fopen"); | 97 | perror("fopen"); |
| 98 | return; | 98 | return; |
| @@ -123,15 +123,8 @@ void fs_logger_print_log(pid_t pid) { | |||
| 123 | // in case the pid is that of a firejail process, use the pid of the first child process | 123 | // in case the pid is that of a firejail process, use the pid of the first child process |
| 124 | pid = switch_to_child(pid); | 124 | pid = switch_to_child(pid); |
| 125 | 125 | ||
| 126 | // check privileges for non-root users | 126 | // exit if no permission to join the sandbox |
| 127 | uid_t uid = getuid(); | 127 | check_join_permission(pid); |
| 128 | if (uid != 0) { | ||
| 129 | uid_t sandbox_uid = pid_get_uid(pid); | ||
| 130 | if (uid != sandbox_uid) { | ||
| 131 | fprintf(stderr, "Error: permission denied\n"); | ||
| 132 | exit(1); | ||
| 133 | } | ||
| 134 | } | ||
| 135 | 128 | ||
| 136 | // print RUN_FSLOGGER_FILE | 129 | // print RUN_FSLOGGER_FILE |
| 137 | char *fname; | 130 | char *fname; |
| @@ -139,24 +132,16 @@ void fs_logger_print_log(pid_t pid) { | |||
| 139 | errExit("asprintf"); | 132 | errExit("asprintf"); |
| 140 | 133 | ||
| 141 | EUID_ROOT(); | 134 | EUID_ROOT(); |
| 142 | struct stat s; | 135 | FILE *fp = fopen(fname, "re"); |
| 143 | if (stat(fname, &s) == -1 || s.st_uid != 0) { | 136 | free(fname); |
| 144 | fprintf(stderr, "Error: Cannot access filesystem log\n"); | ||
| 145 | exit(1); | ||
| 146 | } | ||
| 147 | |||
| 148 | /* coverity[toctou] */ | ||
| 149 | FILE *fp = fopen(fname, "r"); | ||
| 150 | if (!fp) { | 137 | if (!fp) { |
| 151 | fprintf(stderr, "Error: Cannot open filesystem log\n"); | 138 | fprintf(stderr, "Error: Cannot open filesystem log\n"); |
| 152 | exit(1); | 139 | exit(1); |
| 153 | } | 140 | } |
| 154 | |||
| 155 | char buf[MAXBUF]; | 141 | char buf[MAXBUF]; |
| 156 | while (fgets(buf, MAXBUF, fp)) | 142 | while (fgets(buf, MAXBUF, fp)) |
| 157 | printf("%s", buf); | 143 | printf("%s", buf); |
| 158 | fclose(fp); | 144 | fclose(fp); |
| 159 | free(fname); | ||
| 160 | 145 | ||
| 161 | exit(0); | 146 | exit(0); |
| 162 | } | 147 | } |