author | smitsohu <smitsohu@gmail.com> | 2019-03-16 19:05:27 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2019-03-16 19:05:27 +0100 |
commit | 63b16db2a9555db0e9c4bdc1f9fc0a1d73f42b9d (patch) | |
tree | df985285a5171ef680e882487ea3bc722455d665 /src/firejail/util.c | |
parent | Fix assogiate's private-bin (#2603) (diff) | |
hardening: replace setuid/setgid calls with setresuid/setresgid
when nesting containers and sandboxes, it is possible for setuid() to
silently fail to reset the saved uid, which is then cleared only by
the next execve. This is solved by replacing setuid() with the more
robust setresuid() function calls.
Also add code to drop privileges when entering the run_no_sandbox()
function (along with some minor tidy up).
Diffstat (limited to 'src/firejail/util.c')
-rw-r--r-- | src/firejail/util.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/src/firejail/util.c b/src/firejail/util.c index dd298a31a..52f0f89c5 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
@@ -119,12 +119,13 @@ clean_all: | |||
119 | // drop privileges | 119 | // drop privileges |
120 | // - for root group or if nogroups is set, supplementary groups are not configured | 120 | // - for root group or if nogroups is set, supplementary groups are not configured |
121 | void drop_privs(int nogroups) { | 121 | void drop_privs(int nogroups) { |
122 | EUID_ROOT(); | ||
123 | gid_t gid = getgid(); | 122 | gid_t gid = getgid(); |
123 | uid_t uid = getuid(); | ||
124 | if (arg_debug) | 124 | if (arg_debug) |
125 | printf("Drop privileges: pid %d, uid %d, gid %d, nogroups %d\n", getpid(), getuid(), gid, nogroups); | 125 | printf("Drop privileges: pid %d, uid %d, gid %d, nogroups %d\n", getpid(), uid, gid, nogroups); |
126 | 126 | ||
127 | // configure supplementary groups | 127 | // configure supplementary groups |
128 | EUID_ROOT(); | ||
128 | if (gid == 0 || nogroups) { | 129 | if (gid == 0 || nogroups) { |
129 | if (setgroups(0, NULL) < 0) | 130 | if (setgroups(0, NULL) < 0) |
130 | errExit("setgroups"); | 131 | errExit("setgroups"); |
@@ -135,10 +136,10 @@ void drop_privs(int nogroups) { | |||
135 | clean_supplementary_groups(gid); | 136 | clean_supplementary_groups(gid); |
136 | 137 | ||
137 | // set uid/gid | 138 | // set uid/gid |
138 | if (setgid(getgid()) < 0) | 139 | if (setresgid(gid, gid, gid) != 0) |
139 | errExit("setgid/getgid"); | 140 | errExit("setresgid"); |
140 | if (setuid(getuid()) < 0) | 141 | if (setresuid(uid, uid, uid) != 0) |
141 | errExit("setuid/getuid"); | 142 | errExit("setresuid"); |
142 | } | 143 | } |
143 | 144 | ||
144 | 145 | ||
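Review bot: The new setresgid()/setresuid() calls at new lines 139-142 still trust the return value alone, although the commit message itself describes a case where the saved id was left unreset without an error being reported; a post-drop verification with getresgid()/getresuid() at the end of drop_privs() would turn that silent condition into a hard failure instead of leaving it to the next execve. The check belongs after the setresuid() call and before the closing brace at new line 143, so that any mismatch between real, effective and saved ids aborts through the existing errExit() path. setresuid()/setresgid() are Linux/glibc extensions declared under _GNU_SOURCE; if util.c does not already define it (not visible here), the prototypes would be missing. drop_privs() is shown in full within this section.
```c
	// set uid/gid
	if (setresgid(gid, gid, gid) != 0)
		errExit("setresgid");
	if (setresuid(uid, uid, uid) != 0)
		errExit("setresuid");

	// verify that real, effective and saved ids were all dropped;
	// a partially reset saved id would persist until the next execve
	gid_t rgid, egid, sgid;
	if (getresgid(&rgid, &egid, &sgid) != 0 || rgid != gid || egid != gid || sgid != gid)
		errExit("getresgid");
	uid_t ruid, euid, suid;
	if (getresuid(&ruid, &euid, &suid) != 0 || ruid != uid || euid != uid || suid != uid)
		errExit("getresuid");
}
```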