diff options
author | smitsohu <smitsohu@gmail.com> | 2021-05-03 01:09:05 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2021-05-03 01:20:53 +0200 |
commit | 923d7ada73f9600cda12a4ceb59b90928e4ce0d6 (patch) | |
tree | 834d6a23c22ad5e7fb1b74d4c25c3a6f6d462584 /src/firejail/fs_whitelist.c | |
parent | enhance clean_pathname function (diff) | |
download | firejail-923d7ada73f9600cda12a4ceb59b90928e4ce0d6.tar.gz firejail-923d7ada73f9600cda12a4ceb59b90928e4ce0d6.tar.zst firejail-923d7ada73f9600cda12a4ceb59b90928e4ce0d6.zip |
introduce safer_openat function
Diffstat (limited to 'src/firejail/fs_whitelist.c')
-rw-r--r-- | src/firejail/fs_whitelist.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index 698d47b69..23310d92d 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c | |||
@@ -28,7 +28,7 @@ | |||
28 | 28 | ||
29 | #include <fcntl.h> | 29 | #include <fcntl.h> |
30 | #ifndef O_PATH | 30 | #ifndef O_PATH |
31 | # define O_PATH 010000000 | 31 | #define O_PATH 010000000 |
32 | #endif | 32 | #endif |
33 | 33 | ||
34 | // mountinfo functionality test; | 34 | // mountinfo functionality test; |
@@ -220,7 +220,7 @@ static void whitelist_path(ProfileEntry *entry) { | |||
220 | // confirm again the mount source exists and there is no symlink | 220 | // confirm again the mount source exists and there is no symlink |
221 | struct stat wfilestat; | 221 | struct stat wfilestat; |
222 | EUID_USER(); | 222 | EUID_USER(); |
223 | int fd = safe_fd(wfile, O_PATH|O_NOFOLLOW|O_CLOEXEC); | 223 | int fd = safer_openat(-1, wfile, O_PATH|O_NOFOLLOW|O_CLOEXEC); |
224 | EUID_ROOT(); | 224 | EUID_ROOT(); |
225 | if (fd == -1) { | 225 | if (fd == -1) { |
226 | if (arg_debug || arg_debug_whitelists) | 226 | if (arg_debug || arg_debug_whitelists) |
@@ -317,9 +317,9 @@ static void whitelist_path(ProfileEntry *entry) { | |||
317 | if (mptr->dir == strrchr(mptr->dir, '/')) | 317 | if (mptr->dir == strrchr(mptr->dir, '/')) |
318 | errLogExit("invalid whitelist mount"); | 318 | errLogExit("invalid whitelist mount"); |
319 | // confirm the right file was mounted by comparing device and inode numbers | 319 | // confirm the right file was mounted by comparing device and inode numbers |
320 | int fd4 = safe_fd(path, O_PATH|O_NOFOLLOW|O_CLOEXEC); | 320 | int fd4 = safer_openat(-1, path, O_PATH|O_NOFOLLOW|O_CLOEXEC); |
321 | if (fd4 == -1) | 321 | if (fd4 == -1) |
322 | errExit("safe_fd"); | 322 | errExit("safer_openat"); |
323 | struct stat s; | 323 | struct stat s; |
324 | if (fstat(fd4, &s) == -1) | 324 | if (fstat(fd4, &s) == -1) |
325 | errExit("fstat"); | 325 | errExit("fstat"); |
@@ -1059,9 +1059,9 @@ void fs_whitelist(void) { | |||
1059 | if (stat(cfg.homedir, &s) == 0) { | 1059 | if (stat(cfg.homedir, &s) == 0) { |
1060 | // keep a copy of real home dir in RUN_WHITELIST_HOME_USER_DIR | 1060 | // keep a copy of real home dir in RUN_WHITELIST_HOME_USER_DIR |
1061 | mkdir_attr(RUN_WHITELIST_HOME_USER_DIR, 0755, getuid(), getgid()); | 1061 | mkdir_attr(RUN_WHITELIST_HOME_USER_DIR, 0755, getuid(), getgid()); |
1062 | int fd = safe_fd(cfg.homedir, O_PATH|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC); | 1062 | int fd = safer_openat(-1, cfg.homedir, O_PATH|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC); |
1063 | if (fd == -1) | 1063 | if (fd == -1) |
1064 | errExit("safe_fd"); | 1064 | errExit("safer_openat"); |
1065 | char *proc; | 1065 | char *proc; |
1066 | if (asprintf(&proc, "/proc/self/fd/%d", fd) == -1) | 1066 | if (asprintf(&proc, "/proc/self/fd/%d", fd) == -1) |
1067 | errExit("asprintf"); | 1067 | errExit("asprintf"); |