author | Topi Miettinen <toiwoton@gmail.com> | 2020-04-06 21:24:16 +0300 |
---|---|---|
committer | Topi Miettinen <toiwoton@gmail.com> | 2021-02-08 19:19:09 +0200 |
commit | 1c7ea15b30d49d32a0e3cb79152514f1aeb19397 (patch) | |
tree | 73d5d0f553e08d6d9a64f85c29a5c6df5433cda7 /src/firejail/x11.c | |
parent | use ${DOWNLOADS} in lutris.profile (#3955) (diff) | |
Filter environment variables
Save all environment variables for later use in the application, clear
environment and re-apply only whitelisted variables for the main
firejail process. The whitelisted environment is only used by the C
library. Sandboxed tools will get further variables used
internally (FIREJAIL_*).
All variables will be reapplied for the firejailed application.
This also lifts the length restriction for environment variables,
except for the variables used by Firejail itself or the sandboxed
tools.
Diffstat (limited to 'src/firejail/x11.c')
-rw-r--r-- | src/firejail/x11.c | 61 |
1 files changed, 49 insertions, 12 deletions
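--- a/src/firejail/x11.c
+++ b/src/firejail/x11.c
@@ -41,7 +41,7 @@
 // Parse the DISPLAY environment variable and return a display number.
 // Returns -1 if DISPLAY is not set, or is set to anything other than :ddd.
 int x11_display(void) {
-const char *display_str = getenv("DISPLAY");
+const char *display_str = env_get("DISPLAY");
 char *endp;
 unsigned long display;
 
@@ -208,7 +208,7 @@ void x11_start_xvfb(int argc, char **argv) {
 pid_t jail = 0;
 pid_t server = 0;
 
-setenv("FIREJAIL_X11", "yes", 1);
+env_store_name_val("FIREJAIL_X11", "yes", SETENV);
 
 // never try to run X servers as root!!!
 if (getuid() == 0) {
@@ -326,7 +326,11 @@ void x11_start_xvfb(int argc, char **argv) {
 if (arg_debug)
 printf("Starting xvfb...\n");
 
+// restore original environment variables
+env_apply_all();
+
 // running without privileges - see drop_privs call above
+assert(env_get("LD_PRELOAD") == NULL);
 assert(getenv("LD_PRELOAD") == NULL);
 execvp(server_argv[0], server_argv);
 perror("execvp");
@@ -355,7 +359,7 @@ void x11_start_xvfb(int argc, char **argv) {
 free(fname);
 
 assert(display_str);
-setenv("DISPLAY", display_str, 1);
+env_store_name_val("DISPLAY", display_str, SETENV);
 // run attach command
 jail = fork();
 if (jail < 0)
@@ -363,7 +367,11 @@ void x11_start_xvfb(int argc, char **argv) {
 if (jail == 0) {
 fmessage("\n*** Attaching to Xvfb display %d ***\n\n", display);
 
+// restore original environment variables
+env_apply_all();
+
 // running without privileges - see drop_privs call above
+assert(env_get("LD_PRELOAD") == NULL);
 assert(getenv("LD_PRELOAD") == NULL);
 execvp(jail_argv[0], jail_argv);
 perror("execvp");
@@ -428,7 +436,7 @@ void x11_start_xephyr(int argc, char **argv) {
 if (newscreen)
 xephyr_screen = newscreen;
 
-setenv("FIREJAIL_X11", "yes", 1);
+env_store_name_val("FIREJAIL_X11", "yes", SETENV);
 
 // unfortunately, xephyr does a number of weird things when started by root user!!!
 if (getuid() == 0) {
@@ -556,7 +564,11 @@ void x11_start_xephyr(int argc, char **argv) {
 if (arg_debug)
 printf("Starting xephyr...\n");
 
+// restore original environment variables
+env_apply_all();
+
 // running without privileges - see drop_privs call above
+assert(env_get("LD_PRELOAD") == NULL);
 assert(getenv("LD_PRELOAD") == NULL);
 execvp(server_argv[0], server_argv);
 perror("execvp");
@@ -585,7 +597,7 @@ void x11_start_xephyr(int argc, char **argv) {
 free(fname);
 
 assert(display_str);
-setenv("DISPLAY", display_str, 1);
+env_store_name_val("DISPLAY", display_str, SETENV);
 // run attach command
 jail = fork();
 if (jail < 0)
@@ -594,8 +606,12 @@ void x11_start_xephyr(int argc, char **argv) {
 if (!arg_quiet)
 printf("\n*** Attaching to Xephyr display %d ***\n\n", display);
 
+// restore original environment variables
+env_apply_all();
+
 // running without privileges - see drop_privs call above
 assert(getenv("LD_PRELOAD") == NULL);
+assert(env_get("LD_PRELOAD") == NULL);
 execvp(jail_argv[0], jail_argv);
 perror("execvp");
 _exit(1);
@@ -780,8 +796,12 @@ static void __attribute__((noreturn)) x11_start_xpra_old(int argc, char **argv,
 dup2(fd_null,2);
 }
 
+// restore original environment variables
+env_apply_all();
+
 // running without privileges - see drop_privs call above
 assert(getenv("LD_PRELOAD") == NULL);
+assert(env_get("LD_PRELOAD") == NULL);
 execvp(server_argv[0], server_argv);
 perror("execvp");
 _exit(1);
@@ -827,7 +847,11 @@ static void __attribute__((noreturn)) x11_start_xpra_old(int argc, char **argv,
 
 fmessage("\n*** Attaching to xpra display %d ***\n\n", display);
 
+// restore original environment variables
+env_apply_all();
+
 // running without privileges - see drop_privs call above
+assert(env_get("LD_PRELOAD") == NULL);
 assert(getenv("LD_PRELOAD") == NULL);
 execvp(attach_argv[0], attach_argv);
 perror("execvp");
@@ -835,7 +859,7 @@ static void __attribute__((noreturn)) x11_start_xpra_old(int argc, char **argv,
 }
 
 assert(display_str);
-setenv("DISPLAY", display_str, 1);
+env_store_name_val("DISPLAY", display_str, SETENV);
 
 // build jail command
 char *firejail_argv[argc+2];
@@ -857,7 +881,12 @@ static void __attribute__((noreturn)) x11_start_xpra_old(int argc, char **argv,
 errExit("fork");
 if (jail == 0) {
 // running without privileges - see drop_privs call above
+assert(env_get("LD_PRELOAD") == NULL);
 assert(getenv("LD_PRELOAD") == NULL);
+
+// restore original environment variables
+env_apply_all();
+
 if (firejail_argv[0]) // shut up llvm scan-build
 execvp(firejail_argv[0], firejail_argv);
 perror("execvp");
@@ -883,7 +912,12 @@ static void __attribute__((noreturn)) x11_start_xpra_old(int argc, char **argv,
 dup2(fd_null,1);
 dup2(fd_null,2);
 }
+
+// restore original environment variables
+env_apply_all();
+
 // running without privileges - see drop_privs call above
+assert(env_get("LD_PRELOAD") == NULL);
 assert(getenv("LD_PRELOAD") == NULL);
 execvp(stop_argv[0], stop_argv);
 perror("execvp");
@@ -1051,7 +1085,11 @@ static void __attribute__((noreturn)) x11_start_xpra_new(int argc, char **argv,
 dup2(fd_null,2);
 }
 
+// restore original environment variables
+env_apply_all();
+
 // running without privileges - see drop_privs call above
+assert(env_get("LD_PRELOAD") == NULL);
 assert(getenv("LD_PRELOAD") == NULL);
 execvp(server_argv[0], server_argv);
 perror("execvp");
@@ -1072,7 +1110,7 @@ static void __attribute__((noreturn)) x11_start_xpra_new(int argc, char **argv,
 void x11_start_xpra(int argc, char **argv) {
 EUID_ASSERT();
 
-setenv("FIREJAIL_X11", "yes", 1);
+env_store_name_val("FIREJAIL_X11", "yes", SETENV);
 
 // unfortunately, xpra does a number of weird things when started by root user!!!
 if (getuid() == 0) {
@@ -1134,7 +1172,7 @@ void x11_xorg(void) {
 #ifdef HAVE_X11
 
 // get DISPLAY env
-char *display = getenv("DISPLAY");
+const char *display = env_get("DISPLAY");
 if (!display) {
 fputs("Error: --x11=xorg requires an 'outer' X11 server to use.\n", stderr);
 exit(1);
@@ -1259,7 +1297,7 @@ void x11_xorg(void) {
 ASSERT_PERMS(dest, getuid(), getgid(), 0600);
 
 // blacklist user .Xauthority file if it is not masked already
-char *envar = getenv("XAUTHORITY");
+const char *envar = env_get("XAUTHORITY");
 if (envar) {
 char *rp = realpath(envar, NULL);
 if (rp) {
@@ -1269,8 +1307,7 @@ void x11_xorg(void) {
 }
 }
 // set environment variable
-if (setenv("XAUTHORITY", dest, 1) < 0)
-errExit("setenv");
+env_store_name_val("XAUTHORITY", dest, SETENV);
 free(dest);
 
 // mask RUN_XAUTHORITY_SEC_DIR
@@ -1391,7 +1428,7 @@ void x11_block(void) {
 errExit("strdup");
 profile_check_line(cmd, 0, NULL);
 profile_add(cmd);
-char *xauthority = getenv("XAUTHORITY");
+const char *xauthority = env_get("XAUTHORITY");
 if (xauthority) {
 char *line;
 if (asprintf(&line, "blacklist %s", xauthority) == -1)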
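Review bot: In the jail-child hunk of x11_start_xpra_old (@@ -857,7 +881,12 @@) the two LD_PRELOAD asserts run before `env_apply_all()`, whereas at every other exec site touched by this commit `env_apply_all()` is called first and the asserts follow; if the saved environment can re-introduce LD_PRELOAD, this is the one site where it would reach `execvp` unchecked. Moving the block so it reads `env_apply_all();` then `assert(env_get("LD_PRELOAD") == NULL);` and `assert(getenv("LD_PRELOAD") == NULL);` immediately before the `if (firejail_argv[0])` line keeps all sites consistent. Separately, the x11_xorg hunk (@@ -1269,8 +1307,7 @@) drops the `errExit("setenv")` path; whether `env_store_name_val` itself terminates on failure is not visible here, so it is worth confirming that a failed XAUTHORITY update cannot leave the caller's original XAUTHORITY in effect. The enclosing functions of these hunks start and end outside the shown lines.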