diff options
author | netblue30 <netblue30@yahoo.com> | 2017-03-20 10:50:45 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-03-20 10:50:45 -0400 |
commit | 79be851919599f8da43b0b7405687b1f8ed8e80e (patch) | |
tree | 005b836922c1d2fc54d565657c99af788cd2b9da /src/firejail/restrict_users.c | |
parent | profile merges (diff) | |
download | firejail-79be851919599f8da43b0b7405687b1f8ed8e80e.tar.gz firejail-79be851919599f8da43b0b7405687b1f8ed8e80e.tar.zst firejail-79be851919599f8da43b0b7405687b1f8ed8e80e.zip |
nogroups fix
Diffstat (limited to 'src/firejail/restrict_users.c')
-rw-r--r-- | src/firejail/restrict_users.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/firejail/restrict_users.c b/src/firejail/restrict_users.c index 774e2908f..f759e7333 100644 --- a/src/firejail/restrict_users.c +++ b/src/firejail/restrict_users.c | |||
@@ -167,7 +167,7 @@ static void sanitize_passwd(void) { | |||
167 | int rv = sscanf(ptr, "%d:", &uid); | 167 | int rv = sscanf(ptr, "%d:", &uid); |
168 | if (rv == 0 || uid < 0) | 168 | if (rv == 0 || uid < 0) |
169 | goto errout; | 169 | goto errout; |
170 | if (uid < UID_MIN) { | 170 | if (uid < UID_MIN || uid == 65534) { // on Debian platforms user nobody is 65534 |
171 | fprintf(fpout, "%s", buf); | 171 | fprintf(fpout, "%s", buf); |
172 | continue; | 172 | continue; |
173 | } | 173 | } |
@@ -299,7 +299,7 @@ static void sanitize_group(void) { | |||
299 | int rv = sscanf(ptr, "%d:", &gid); | 299 | int rv = sscanf(ptr, "%d:", &gid); |
300 | if (rv == 0 || gid < 0) | 300 | if (rv == 0 || gid < 0) |
301 | goto errout; | 301 | goto errout; |
302 | if (gid < GID_MIN) { | 302 | if (gid < GID_MIN || gid == 65534) { // on Debian platforms 65534 is group nogroup |
303 | if (copy_line(fpout, buf, ptr)) | 303 | if (copy_line(fpout, buf, ptr)) |
304 | goto errout; | 304 | goto errout; |
305 | continue; | 305 | continue; |