diff options
author | netblue30 <netblue30@yahoo.com> | 2016-02-19 14:57:58 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-02-19 14:57:58 -0500 |
commit | 02a66f7e4086097a98dfdac0b47c9909908360a0 (patch) | |
tree | 443fb269e84c89842965677386260e71b85de227 /src/firejail/fs_mkdir.c | |
parent | moved sandbox name to /run/firejail/name/<PID> (diff) | |
download | firejail-02a66f7e4086097a98dfdac0b47c9909908360a0.tar.gz firejail-02a66f7e4086097a98dfdac0b47c9909908360a0.tar.zst firejail-02a66f7e4086097a98dfdac0b47c9909908360a0.zip |
euid switching
Diffstat (limited to 'src/firejail/fs_mkdir.c')
-rw-r--r-- | src/firejail/fs_mkdir.c | 30 |
1 files changed, 5 insertions, 25 deletions
diff --git a/src/firejail/fs_mkdir.c b/src/firejail/fs_mkdir.c index 69bf2fae7..398c534bf 100644 --- a/src/firejail/fs_mkdir.c +++ b/src/firejail/fs_mkdir.c | |||
@@ -25,6 +25,8 @@ | |||
25 | #include <sys/wait.h> | 25 | #include <sys/wait.h> |
26 | 26 | ||
27 | void fs_mkdir(const char *name) { | 27 | void fs_mkdir(const char *name) { |
28 | EUID_ASSERT(); | ||
29 | |||
28 | // check directory name | 30 | // check directory name |
29 | invalid_filename(name); | 31 | invalid_filename(name); |
30 | char *expanded = expand_home(name, cfg.homedir); | 32 | char *expanded = expand_home(name, cfg.homedir); |
@@ -39,31 +41,9 @@ void fs_mkdir(const char *name) { | |||
39 | goto doexit; | 41 | goto doexit; |
40 | } | 42 | } |
41 | 43 | ||
42 | // fork a process, drop privileges, and create the directory | 44 | // create directory |
43 | // no error recovery will be attempted | 45 | if (mkdir(expanded, 0700) == -1) |
44 | pid_t child = fork(); | 46 | fprintf(stderr, "Warning: cannot create %s directory\n", expanded); |
45 | if (child < 0) | ||
46 | errExit("fork"); | ||
47 | if (child == 0) { | ||
48 | if (arg_debug) | ||
49 | printf("Create %s directory\n", expanded); | ||
50 | |||
51 | // drop privileges | ||
52 | if (setgroups(0, NULL) < 0) | ||
53 | errExit("setgroups"); | ||
54 | if (setgid(getgid()) < 0) | ||
55 | errExit("setgid/getgid"); | ||
56 | if (setuid(getuid()) < 0) | ||
57 | errExit("setuid/getuid"); | ||
58 | |||
59 | // create directory | ||
60 | if (mkdir(expanded, 0700) == -1) | ||
61 | fprintf(stderr, "Warning: cannot create %s directory\n", expanded); | ||
62 | exit(0); | ||
63 | } | ||
64 | |||
65 | // wait for the child to finish | ||
66 | waitpid(child, NULL, 0); | ||
67 | 47 | ||
68 | doexit: | 48 | doexit: |
69 | free(expanded); | 49 | free(expanded); |