nogroups fix

author: netblue30 <netblue30@yahoo.com> 2017-03-20 10:50:45 -0400
committer: netblue30 <netblue30@yahoo.com> 2017-03-20 10:50:45 -0400
commit: 79be851919599f8da43b0b7405687b1f8ed8e80e (patch)
tree: 005b836922c1d2fc54d565657c99af788cd2b9da /src/firejail/restrict_users.c
parent: profile merges (diff)
download: firejail-79be851919599f8da43b0b7405687b1f8ed8e80e.tar.gz
firejail-79be851919599f8da43b0b7405687b1f8ed8e80e.tar.zst
firejail-79be851919599f8da43b0b7405687b1f8ed8e80e.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/firejail/restrict_users.c b/src/firejail/restrict_users.c
index 774e2908f..f759e7333 100644
--- a/src/firejail/restrict_users.c
+++ b/src/firejail/restrict_users.c
@@ -167,7 +167,7 @@ static void sanitize_passwd(void) {
                int rv = sscanf(ptr, "%d:", &uid);
                if (rv == 0 || uid < 0)
                        goto errout;
-                if (uid < UID_MIN) {
+                if (uid < UID_MIN || uid == 65534) { // on Debian platforms user nobody is 65534
                        fprintf(fpout, "%s", buf);
                        continue;
                }
@@ -299,7 +299,7 @@ static void sanitize_group(void) {
                int rv = sscanf(ptr, "%d:", &gid);
                if (rv == 0 || gid < 0)
                        goto errout;
-                if (gid < GID_MIN) {
+                if (gid < GID_MIN || gid == 65534) { // on Debian platforms 65534 is group nogroup
                        if (copy_line(fpout, buf, ptr))
                                goto errout;
                        continue;
author	netblue30 <netblue30@yahoo.com>	2017-03-20 10:50:45 -0400
committer	netblue30 <netblue30@yahoo.com>	2017-03-20 10:50:45 -0400
commit	79be851919599f8da43b0b7405687b1f8ed8e80e (patch)
tree	005b836922c1d2fc54d565657c99af788cd2b9da /src/firejail/restrict_users.c
parent	profile merges (diff)
download	firejail-79be851919599f8da43b0b7405687b1f8ed8e80e.tar.gz firejail-79be851919599f8da43b0b7405687b1f8ed8e80e.tar.zst firejail-79be851919599f8da43b0b7405687b1f8ed8e80e.zip

diff --git a/src/firejail/restrict_users.c b/src/firejail/restrict_users.c index 774e2908f..f759e7333 100644 --- a/src/firejail/restrict_users.c +++ b/src/firejail/restrict_users.c
@@ -167,7 +167,7 @@ static void sanitize_passwd(void) {
167	int rv = sscanf(ptr, "%d:", &uid);	167	int rv = sscanf(ptr, "%d:", &uid);
168	if (rv == 0 \|\| uid < 0)	168	if (rv == 0 \|\| uid < 0)
169	goto errout;	169	goto errout;
170	if (uid < UID_MIN) {	170	if (uid < UID_MIN \|\| uid == 65534) { // on Debian platforms user nobody is 65534
171	fprintf(fpout, "%s", buf);	171	fprintf(fpout, "%s", buf);
172	continue;	172	continue;
173	}	173	}
@@ -299,7 +299,7 @@ static void sanitize_group(void) {
299	int rv = sscanf(ptr, "%d:", &gid);	299	int rv = sscanf(ptr, "%d:", &gid);
300	if (rv == 0 \|\| gid < 0)	300	if (rv == 0 \|\| gid < 0)
301	goto errout;	301	goto errout;
302	if (gid < GID_MIN) {	302	if (gid < GID_MIN \|\| gid == 65534) { // on Debian platforms 65534 is group nogroup
303	if (copy_line(fpout, buf, ptr))	303	if (copy_line(fpout, buf, ptr))
304	goto errout;	304	goto errout;
305	continue;	305	continue;