euid switching

author: netblue30 <netblue30@yahoo.com> 2016-02-19 14:57:58 -0500
committer: netblue30 <netblue30@yahoo.com> 2016-02-19 14:57:58 -0500
commit: 02a66f7e4086097a98dfdac0b47c9909908360a0 (patch)
tree: 443fb269e84c89842965677386260e71b85de227 /src/firejail/fs_mkdir.c
parent: moved sandbox name to /run/firejail/name/<PID> (diff)
download: firejail-02a66f7e4086097a98dfdac0b47c9909908360a0.tar.gz
firejail-02a66f7e4086097a98dfdac0b47c9909908360a0.tar.zst
firejail-02a66f7e4086097a98dfdac0b47c9909908360a0.zip
1 files changed, 5 insertions, 25 deletions
diff --git a/src/firejail/fs_mkdir.c b/src/firejail/fs_mkdir.c
index 69bf2fae7..398c534bf 100644
--- a/src/firejail/fs_mkdir.c
+++ b/src/firejail/fs_mkdir.c
@@ -25,6 +25,8 @@
 #include <sys/wait.h>
 
 void fs_mkdir(const char *name) {
+        EUID_ASSERT();
+        
        // check directory name
        invalid_filename(name);
        char *expanded = expand_home(name, cfg.homedir);
@@ -39,31 +41,9 @@ void fs_mkdir(const char *name) {
                goto doexit;
        }
-        // fork a process, drop privileges, and create the directory
+        // create directory
-        // no error recovery will be attempted
+        if (mkdir(expanded, 0700) == -1)
-        pid_t child = fork();
+                fprintf(stderr, "Warning: cannot create %s directory\n", expanded);
-        if (child < 0)
-                errExit("fork");
-        if (child == 0) {
-                if (arg_debug)
-                        printf("Create %s directory\n", expanded);
-                
-                // drop privileges
-                if (setgroups(0, NULL) < 0)
-                        errExit("setgroups");
-                if (setgid(getgid()) < 0)
-                        errExit("setgid/getgid");
-                if (setuid(getuid()) < 0)
-                        errExit("setuid/getuid");
-                
-                // create directory
-                if (mkdir(expanded, 0700) == -1)
-                        fprintf(stderr, "Warning: cannot create %s directory\n", expanded);
-                exit(0);
-        }
-        
-        // wait for the child to finish
-        waitpid(child, NULL, 0);
 doexit:
        free(expanded);
author	netblue30 <netblue30@yahoo.com>	2016-02-19 14:57:58 -0500
committer	netblue30 <netblue30@yahoo.com>	2016-02-19 14:57:58 -0500
commit	02a66f7e4086097a98dfdac0b47c9909908360a0 (patch)
tree	443fb269e84c89842965677386260e71b85de227 /src/firejail/fs_mkdir.c
parent	moved sandbox name to /run/firejail/name/<PID> (diff)
download	firejail-02a66f7e4086097a98dfdac0b47c9909908360a0.tar.gz firejail-02a66f7e4086097a98dfdac0b47c9909908360a0.tar.zst firejail-02a66f7e4086097a98dfdac0b47c9909908360a0.zip

diff --git a/src/firejail/fs_mkdir.c b/src/firejail/fs_mkdir.c index 69bf2fae7..398c534bf 100644 --- a/src/firejail/fs_mkdir.c +++ b/src/firejail/fs_mkdir.c
@@ -25,6 +25,8 @@
25	#include <sys/wait.h>	25	#include <sys/wait.h>
26		26
27	void fs_mkdir(const char *name) {	27	void fs_mkdir(const char *name) {
		28	EUID_ASSERT();
		29
28	// check directory name	30	// check directory name
29	invalid_filename(name);	31	invalid_filename(name);
30	char *expanded = expand_home(name, cfg.homedir);	32	char *expanded = expand_home(name, cfg.homedir);
@@ -39,31 +41,9 @@ void fs_mkdir(const char *name) {
39	goto doexit;	41	goto doexit;
40	}	42	}
41		43
42	// fork a process, drop privileges, and create the directory	44	// create directory
43	// no error recovery will be attempted	45	if (mkdir(expanded, 0700) == -1)
44	pid_t child = fork();	46	fprintf(stderr, "Warning: cannot create %s directory\n", expanded);
45	if (child < 0)
46	errExit("fork");
47	if (child == 0) {
48	if (arg_debug)
49	printf("Create %s directory\n", expanded);
50
51	// drop privileges
52	if (setgroups(0, NULL) < 0)
53	errExit("setgroups");
54	if (setgid(getgid()) < 0)
55	errExit("setgid/getgid");
56	if (setuid(getuid()) < 0)
57	errExit("setuid/getuid");
58
59	// create directory
60	if (mkdir(expanded, 0700) == -1)
61	fprintf(stderr, "Warning: cannot create %s directory\n", expanded);
62	exit(0);
63	}
64
65	// wait for the child to finish
66	waitpid(child, NULL, 0);
67		47
68	doexit:	48	doexit:
69	free(expanded);	49	free(expanded);