diff options
author | ಚಿರಾಗ್ ನಟರಾಜ್ <chiraag.nataraj@gmail.com> | 2018-07-31 12:03:20 -0400 |
---|---|---|
committer | ಚಿರಾಗ್ ನಟರಾಜ್ <chiraag.nataraj@gmail.com> | 2018-07-31 12:03:20 -0400 |
commit | 5deab9ef051e37156d445c7133843b6572809292 (patch) | |
tree | eefe20a46b626684e56795cfa5eadf991c7bdf93 /src/firejail/util.c | |
parent | Sound fixes (diff) | |
download | firejail-5deab9ef051e37156d445c7133843b6572809292.tar.gz firejail-5deab9ef051e37156d445c7133843b6572809292.tar.zst firejail-5deab9ef051e37156d445c7133843b6572809292.zip |
Check to see if expand_home is called as root and switch to user (and restore root at the end)
Diffstat (limited to 'src/firejail/util.c')
-rw-r--r-- | src/firejail/util.c | 47 |
1 files changed, 45 insertions, 2 deletions
diff --git a/src/firejail/util.c b/src/firejail/util.c index 0d6f5ea02..d501a469d 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
@@ -77,7 +77,6 @@ char *doentry[] = { | |||
77 | }; | 77 | }; |
78 | 78 | ||
79 | char *resolve_xdg(int flags, const char *var, size_t length, const char *prnt) { | 79 | char *resolve_xdg(int flags, const char *var, size_t length, const char *prnt) { |
80 | /* EUID_ASSERT(); */ | ||
81 | char *fname; | 80 | char *fname; |
82 | struct stat s; | 81 | struct stat s; |
83 | 82 | ||
@@ -143,7 +142,6 @@ char *resolve_xdg(int flags, const char *var, size_t length, const char *prnt) { | |||
143 | } | 142 | } |
144 | 143 | ||
145 | char *resolve_hardcoded(int flags, char *entries[], const char *prnt) { | 144 | char *resolve_hardcoded(int flags, char *entries[], const char *prnt) { |
146 | /* EUID_ASSERT(); */ | ||
147 | char *fname; | 145 | char *fname; |
148 | struct stat s; | 146 | struct stat s; |
149 | 147 | ||
@@ -865,22 +863,39 @@ void notify_other(int fd) { | |||
865 | char *expand_home(const char *path, const char* homedir) { | 863 | char *expand_home(const char *path, const char* homedir) { |
866 | assert(path); | 864 | assert(path); |
867 | assert(homedir); | 865 | assert(homedir); |
866 | |||
867 | int called_as_root = 0; | ||
868 | |||
869 | if(geteuid() == 0) | ||
870 | called_as_root = 1; | ||
871 | |||
872 | if(called_as_root) { | ||
873 | EUID_USER(); | ||
874 | } | ||
875 | |||
876 | EUID_ASSERT(); | ||
868 | 877 | ||
869 | // Replace home macro | 878 | // Replace home macro |
870 | char *new_name = NULL; | 879 | char *new_name = NULL; |
871 | if (strncmp(path, "${HOME}", 7) == 0) { | 880 | if (strncmp(path, "${HOME}", 7) == 0) { |
872 | if (asprintf(&new_name, "%s%s", homedir, path + 7) == -1) | 881 | if (asprintf(&new_name, "%s%s", homedir, path + 7) == -1) |
873 | errExit("asprintf"); | 882 | errExit("asprintf"); |
883 | if(called_as_root) | ||
884 | EUID_ROOT(); | ||
874 | return new_name; | 885 | return new_name; |
875 | } | 886 | } |
876 | else if (*path == '~') { | 887 | else if (*path == '~') { |
877 | if (asprintf(&new_name, "%s%s", homedir, path + 1) == -1) | 888 | if (asprintf(&new_name, "%s%s", homedir, path + 1) == -1) |
878 | errExit("asprintf"); | 889 | errExit("asprintf"); |
890 | if(called_as_root) | ||
891 | EUID_ROOT(); | ||
879 | return new_name; | 892 | return new_name; |
880 | } | 893 | } |
881 | else if (strncmp(path, "${CFG}", 6) == 0) { | 894 | else if (strncmp(path, "${CFG}", 6) == 0) { |
882 | if (asprintf(&new_name, "%s%s", SYSCONFDIR, path + 6) == -1) | 895 | if (asprintf(&new_name, "%s%s", SYSCONFDIR, path + 6) == -1) |
883 | errExit("asprintf"); | 896 | errExit("asprintf"); |
897 | if(called_as_root) | ||
898 | EUID_ROOT(); | ||
884 | return new_name; | 899 | return new_name; |
885 | } | 900 | } |
886 | 901 | ||
@@ -890,11 +905,15 @@ char *expand_home(const char *path, const char* homedir) { | |||
890 | if(tmp) { | 905 | if(tmp) { |
891 | if (asprintf(&new_name, "%s/%s%s", homedir, tmp, path + 12) == -1) | 906 | if (asprintf(&new_name, "%s/%s%s", homedir, tmp, path + 12) == -1) |
892 | errExit("asprintf"); | 907 | errExit("asprintf"); |
908 | if(called_as_root) | ||
909 | EUID_ROOT(); | ||
893 | return new_name; | 910 | return new_name; |
894 | } | 911 | } |
895 | else if(tmp2) { | 912 | else if(tmp2) { |
896 | if (asprintf(&new_name, "%s/%s%s", homedir, tmp2, path + 12) == -1) | 913 | if (asprintf(&new_name, "%s/%s%s", homedir, tmp2, path + 12) == -1) |
897 | errExit("asprintf"); | 914 | errExit("asprintf"); |
915 | if(called_as_root) | ||
916 | EUID_ROOT(); | ||
898 | return new_name; | 917 | return new_name; |
899 | } | 918 | } |
900 | } | 919 | } |
@@ -905,11 +924,15 @@ char *expand_home(const char *path, const char* homedir) { | |||
905 | if(tmp) { | 924 | if(tmp) { |
906 | if (asprintf(&new_name, "%s/%s%s", homedir, tmp, path + 8) == -1) | 925 | if (asprintf(&new_name, "%s/%s%s", homedir, tmp, path + 8) == -1) |
907 | errExit("asprintf"); | 926 | errExit("asprintf"); |
927 | if(called_as_root) | ||
928 | EUID_ROOT(); | ||
908 | return new_name; | 929 | return new_name; |
909 | } | 930 | } |
910 | else if(tmp2) { | 931 | else if(tmp2) { |
911 | if (asprintf(&new_name, "%s/%s%s", homedir, tmp2, path + 8) == -1) | 932 | if (asprintf(&new_name, "%s/%s%s", homedir, tmp2, path + 8) == -1) |
912 | errExit("asprintf"); | 933 | errExit("asprintf"); |
934 | if(called_as_root) | ||
935 | EUID_ROOT(); | ||
913 | return new_name; | 936 | return new_name; |
914 | } | 937 | } |
915 | } | 938 | } |
@@ -920,11 +943,15 @@ char *expand_home(const char *path, const char* homedir) { | |||
920 | if(tmp) { | 943 | if(tmp) { |
921 | if (asprintf(&new_name, "%s/%s%s", homedir, tmp, path + 9) == -1) | 944 | if (asprintf(&new_name, "%s/%s%s", homedir, tmp, path + 9) == -1) |
922 | errExit("asprintf"); | 945 | errExit("asprintf"); |
946 | if(called_as_root) | ||
947 | EUID_ROOT(); | ||
923 | return new_name; | 948 | return new_name; |
924 | } | 949 | } |
925 | else if(tmp2) { | 950 | else if(tmp2) { |
926 | if (asprintf(&new_name, "%s/%s%s", homedir, tmp2, path + 9) == -1) | 951 | if (asprintf(&new_name, "%s/%s%s", homedir, tmp2, path + 9) == -1) |
927 | errExit("asprintf"); | 952 | errExit("asprintf"); |
953 | if(called_as_root) | ||
954 | EUID_ROOT(); | ||
928 | return new_name; | 955 | return new_name; |
929 | } | 956 | } |
930 | } | 957 | } |
@@ -935,11 +962,15 @@ char *expand_home(const char *path, const char* homedir) { | |||
935 | if(tmp) { | 962 | if(tmp) { |
936 | if (asprintf(&new_name, "%s/%s%s", homedir, tmp, path + 11) == -1) | 963 | if (asprintf(&new_name, "%s/%s%s", homedir, tmp, path + 11) == -1) |
937 | errExit("asprintf"); | 964 | errExit("asprintf"); |
965 | if(called_as_root) | ||
966 | EUID_ROOT(); | ||
938 | return new_name; | 967 | return new_name; |
939 | } | 968 | } |
940 | else if(tmp2) { | 969 | else if(tmp2) { |
941 | if (asprintf(&new_name, "%s/%s%s", homedir, tmp2, path + 11) == -1) | 970 | if (asprintf(&new_name, "%s/%s%s", homedir, tmp2, path + 11) == -1) |
942 | errExit("asprintf"); | 971 | errExit("asprintf"); |
972 | if(called_as_root) | ||
973 | EUID_ROOT(); | ||
943 | return new_name; | 974 | return new_name; |
944 | } | 975 | } |
945 | } | 976 | } |
@@ -950,11 +981,15 @@ char *expand_home(const char *path, const char* homedir) { | |||
950 | if(tmp) { | 981 | if(tmp) { |
951 | if (asprintf(&new_name, "%s/%s%s", homedir, tmp, path + 10) == -1) | 982 | if (asprintf(&new_name, "%s/%s%s", homedir, tmp, path + 10) == -1) |
952 | errExit("asprintf"); | 983 | errExit("asprintf"); |
984 | if(called_as_root) | ||
985 | EUID_ROOT(); | ||
953 | return new_name; | 986 | return new_name; |
954 | } | 987 | } |
955 | else if(tmp2) { | 988 | else if(tmp2) { |
956 | if (asprintf(&new_name, "%s/%s%s", homedir, tmp2, path + 10) == -1) | 989 | if (asprintf(&new_name, "%s/%s%s", homedir, tmp2, path + 10) == -1) |
957 | errExit("asprintf"); | 990 | errExit("asprintf"); |
991 | if(called_as_root) | ||
992 | EUID_ROOT(); | ||
958 | return new_name; | 993 | return new_name; |
959 | } | 994 | } |
960 | } | 995 | } |
@@ -965,11 +1000,15 @@ char *expand_home(const char *path, const char* homedir) { | |||
965 | if(tmp) { | 1000 | if(tmp) { |
966 | if (asprintf(&new_name, "%s/%s%s", homedir, tmp, path + 12) == -1) | 1001 | if (asprintf(&new_name, "%s/%s%s", homedir, tmp, path + 12) == -1) |
967 | errExit("asprintf"); | 1002 | errExit("asprintf"); |
1003 | if(called_as_root) | ||
1004 | EUID_ROOT(); | ||
968 | return new_name; | 1005 | return new_name; |
969 | } | 1006 | } |
970 | else if(tmp2) { | 1007 | else if(tmp2) { |
971 | if (asprintf(&new_name, "%s/%s%s", homedir, tmp2, path + 12) == -1) | 1008 | if (asprintf(&new_name, "%s/%s%s", homedir, tmp2, path + 12) == -1) |
972 | errExit("asprintf"); | 1009 | errExit("asprintf"); |
1010 | if(called_as_root) | ||
1011 | EUID_ROOT(); | ||
973 | return new_name; | 1012 | return new_name; |
974 | } | 1013 | } |
975 | } | 1014 | } |
@@ -977,6 +1016,10 @@ char *expand_home(const char *path, const char* homedir) { | |||
977 | char *rv = strdup(path); | 1016 | char *rv = strdup(path); |
978 | if (!rv) | 1017 | if (!rv) |
979 | errExit("strdup"); | 1018 | errExit("strdup"); |
1019 | |||
1020 | if(called_as_root) | ||
1021 | EUID_ROOT(); | ||
1022 | |||
980 | return rv; | 1023 | return rv; |
981 | } | 1024 | } |
982 | 1025 | ||