author | 2016-08-25 01:01:06 +0300 | |
---|---|---|
committer | 2016-08-25 01:05:40 +0300 | |
commit | 51d69322896d0f622d77dc581c35876c1c937596 (patch) | |
tree | 88bf6dd701767267ac564c008335e728a9ab727d /src/firejail/restrict_users.c | |
parent | tighten security (diff) | |
tighten security
Diffstat (limited to 'src/firejail/restrict_users.c')
-rw-r--r-- | src/firejail/restrict_users.c | 14 |
1 files changed, 4 insertions, 10 deletions
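--- a/src/firejail/restrict_users.c
+++ b/src/firejail/restrict_users.c
@@ -187,12 +187,9 @@ static void sanitize_passwd(void) {
 fprintf(fpout, "%s", buf);
 }
 fclose(fpin);
+SET_PERMS_STREAM(fpout, 0, 0, 0644);
 fclose(fpout);
-if (chown(RUN_PASSWD_FILE, 0, 0) == -1)
-errExit("chown");
-if (chmod(RUN_PASSWD_FILE, 0644) == -1)
-errExit("chmod");
-
+
 // mount-bind tne new password file
 if (mount(RUN_PASSWD_FILE, "/etc/passwd", "none", MS_BIND, "mode=400,gid=0") < 0)
 errExit("mount");
@@ -319,12 +316,9 @@ static void sanitize_group(void) {
 goto errout;
 }
 fclose(fpin);
+SET_PERMS_STREAM(fpout, 0, 0, 0644);
 fclose(fpout);
-if (chown(RUN_GROUP_FILE, 0, 0) == -1)
-errExit("chown");
-if (chmod(RUN_GROUP_FILE, 0644) == -1)
-errExit("chmod");
-
+
 // mount-bind tne new group file
 if (mount(RUN_GROUP_FILE, "/etc/group", "none", MS_BIND, "mode=400,gid=0") < 0)
 errExit("mount");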
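Review bot: `fclose(fpout)` in sanitize_passwd is still unchecked after the new `SET_PERMS_STREAM(fpout, 0, 0, 0644)` line, so a failed flush would leave a truncated file that is then bind-mounted over `/etc/passwd`; the same holds for sanitize_group and `/etc/group`. Consider `if (fclose(fpout) != 0) errExit("fclose");` in both places. Setting owner and mode through the open stream closes the window that the path-based `chown`/`chmod` left after close, presumably via `fchown`/`fchmod` on the stream's descriptor (the macro definition is not visible here), but `mount()` still resolves `RUN_PASSWD_FILE` and `RUN_GROUP_FILE` by path, so the directory holding them must stay writable by root only. The `"mode=400,gid=0"` data argument is ignored for `MS_BIND`, so the mounted files keep mode 0644; a comment such as `// data string has no effect on a bind mount; permissions come from SET_PERMS_STREAM above` would prevent a reader from assuming 0400. Both function bodies begin and continue outside the hunks shown.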