diff options
author | netblue30 <netblue30@yahoo.com> | 2018-04-23 09:38:21 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2018-04-23 09:38:21 -0400 |
commit | 90877c63eecf5e161c86df6b0c62006029e2677e (patch) | |
tree | 66acab3862cc1e649d69fc2b83ced1378f95e27f /src/firejail/run_symlink.c | |
parent | merges (diff) | |
download | firejail-90877c63eecf5e161c86df6b0c62006029e2677e.tar.gz firejail-90877c63eecf5e161c86df6b0c62006029e2677e.tar.zst firejail-90877c63eecf5e161c86df6b0c62006029e2677e.zip |
fix user database access
Diffstat (limited to 'src/firejail/run_symlink.c')
-rw-r--r-- | src/firejail/run_symlink.c | 17 |
1 files changed, 8 insertions, 9 deletions
diff --git a/src/firejail/run_symlink.c b/src/firejail/run_symlink.c index 5d59afad4..2bb4a2ed7 100644 --- a/src/firejail/run_symlink.c +++ b/src/firejail/run_symlink.c | |||
@@ -22,7 +22,7 @@ | |||
22 | #include <sys/stat.h> | 22 | #include <sys/stat.h> |
23 | #include <unistd.h> | 23 | #include <unistd.h> |
24 | 24 | ||
25 | void run_symlink(int argc, char **argv) { | 25 | void run_symlink(int argc, char **argv, int run_as_is) { |
26 | EUID_ASSERT(); | 26 | EUID_ASSERT(); |
27 | 27 | ||
28 | char *program = strrchr(argv[0], '/'); | 28 | char *program = strrchr(argv[0], '/'); |
@@ -33,6 +33,12 @@ void run_symlink(int argc, char **argv) { | |||
33 | if (strcmp(program, "firejail") == 0) // this is a regular "firejail program" sandbox starting | 33 | if (strcmp(program, "firejail") == 0) // this is a regular "firejail program" sandbox starting |
34 | return; | 34 | return; |
35 | 35 | ||
36 | // drop privileges | ||
37 | if (setgid(getgid()) < 0) | ||
38 | errExit("setgid/getgid"); | ||
39 | if (setuid(getuid()) < 0) | ||
40 | errExit("setuid/getuid"); | ||
41 | |||
36 | // find the real program by looking in PATH | 42 | // find the real program by looking in PATH |
37 | char *p = getenv("PATH"); | 43 | char *p = getenv("PATH"); |
38 | if (!p) { | 44 | if (!p) { |
@@ -84,20 +90,13 @@ void run_symlink(int argc, char **argv) { | |||
84 | free(selfpath); | 90 | free(selfpath); |
85 | 91 | ||
86 | // desktop integration is not supported for root user; instead, the original program is started | 92 | // desktop integration is not supported for root user; instead, the original program is started |
87 | if (getuid() == 0) { | 93 | if (getuid() == 0 || run_as_is) { |
88 | argv[0] = program; | 94 | argv[0] = program; |
89 | execv(program, argv); | 95 | execv(program, argv); |
90 | exit(1); | 96 | exit(1); |
91 | } | 97 | } |
92 | 98 | ||
93 | // start the argv[0] program in a new sandbox | 99 | // start the argv[0] program in a new sandbox |
94 | // drop privileges | ||
95 | if (setgid(getgid()) < 0) | ||
96 | errExit("setgid/getgid"); | ||
97 | if (setuid(getuid()) < 0) | ||
98 | errExit("setuid/getuid"); | ||
99 | |||
100 | // run command | ||
101 | char *a[3 + argc]; | 100 | char *a[3 + argc]; |
102 | a[0] =PATH_FIREJAIL; | 101 | a[0] =PATH_FIREJAIL; |
103 | a[1] = program; | 102 | a[1] = program; |