author | smitsohu <smitsohu@gmail.com> | 2019-03-16 19:05:27 +0100 |
committer | smitsohu <smitsohu@gmail.com> | 2019-03-16 19:05:27 +0100 |
commit | 63b16db2a9555db0e9c4bdc1f9fc0a1d73f42b9d (patch) | |
tree | df985285a5171ef680e882487ea3bc722455d665 /src/firejail/run_symlink.c | |
parent | Fix assogiate's private-bin (#2603) (diff) | |
hardening: replace setuid/setgid calls with setresuid/setresgid
When nesting containers and sandboxes, it is possible that setuid() silently
fails to reset the saved set-user-ID, which is then cleared only by the next
execve(). This is solved by replacing setuid() with the more robust
setresuid() call (and setgid() with setresgid()).
Also add code to drop privileges when entering the run_no_sandbox()
function (along with some minor tidy up).
Diffstat (limited to 'src/firejail/run_symlink.c')
-rw-r--r-- | src/firejail/run_symlink.c | 13 |
1 files changed, 7 insertions, 6 deletions
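--- a/src/firejail/run_symlink.c
+++ b/src/firejail/run_symlink.c
@@ -34,11 +34,12 @@ void run_symlink(int argc, char **argv, int run_as_is) {
 return;
 
 // drop privileges
-EUID_ROOT();
-if (setgid(getgid()) < 0)
-errExit("setgid/getgid");
-if (setuid(getuid()) < 0)
-errExit("setuid/getuid");
+gid_t gid = getgid();
+uid_t uid = getuid();
+if (setresgid(gid, gid, gid) != 0)
+errExit("setresgid");
+if (setresuid(uid, uid, uid) != 0)
+errExit("setresuid");
 
 // find the real program by looking in PATH
 char *p = getenv("PATH");
@@ -94,7 +95,7 @@ void run_symlink(int argc, char **argv, int run_as_is) {
 umask(orig_umask);
 
 // desktop integration is not supported for root user; instead, the original program is started
-if (getuid() == 0 || run_as_is) {
+if (uid == 0 || run_as_is) {
 argv[0] = program;
 execv(program, argv);
 exit(1);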
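Review bot: The reason for using setresuid()/setresgid() and for dropping the EUID_ROOT() call lives only in the commit message; the `// drop privileges` comment in the first hunk should carry it, since the next reader will otherwise see a plain setuid() as equivalent and the removed EUID_ROOT() as an oversight. I would extend it to `// drop privileges: setresgid/setresuid also reset the saved ids, which setuid() may silently leave unchanged in nested sandboxes; targets equal the real ids, so this works from any effective uid`. The gid-before-uid order is correct, since the group change is the one that still needs root. As a cheap belt-and-braces check after the two calls, `if (geteuid() != uid || getegid() != gid) errExit("drop privileges");` would make a partial drop fatal rather than silent, though on Linux setresuid() is documented as all-or-nothing so this is optional. run_symlink() begins before the first hunk and continues past the last line shown.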