author | netblue30 <netblue30@protonmail.com> | 2023-03-09 16:42:04 -0500 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2023-03-09 16:42:04 -0500 |
commit | 66f8107330d3e1ebea6566f4288b8f41d8f36621 (patch) | |
tree | d7cd0279bb0060c0ddb3dc5a4b44a054d8c83f56 /src/firejail | |
parent | private-lib cleanup (diff) | |
allow symlinks for .asoundrc (5709)
Diffstat (limited to 'src/firejail')
-rw-r--r-- | src/firejail/fs_home.c | 18 |
1 files changed, 4 insertions, 14 deletions
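--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -185,20 +185,10 @@ static int store_asoundrc(void) {
 errExit("asprintf");
 
 struct stat s;
-if (lstat(src, &s) == 0) {
-if (S_ISLNK(s.st_mode)) {
-// make sure the real path of the file is inside the home directory
-/* coverity[toctou] */
-char *rp = realpath(src, NULL);
-if (!rp) {
-fprintf(stderr, "Error: Cannot access %s\n", src);
-exit(1);
-}
-if (strncmp(rp, cfg.homedir, strlen(cfg.homedir)) != 0 || rp[strlen(cfg.homedir)] != '/') {
-fprintf(stderr, "Error: .asoundrc is a symbolic link pointing to a file outside home directory\n");
-exit(1);
-}
-free(rp);
+if (stat(src, &s) == 0) {
+if (s.st_uid != getuid() || s.st_gid != getgid()) {
+fwarning(".asoundrc is not owned by the current user, skipping...\n");
+return 0;
 }
 
 // create an empty file as root, and change ownership to user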
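Review bot: The ownership test in `store_asoundrc` is made on the path with `stat(src, &s)`, so it describes whatever the symlink resolved to at that moment, while the copy that follows (outside this hunk) presumably reopens `src` by name; with the realpath containment check removed, that check-then-use gap is the only thing standing between a retargeted link and the copy. If the copy runs with the user's own credentials the gap is harmless, and that dependency deserves a comment such as `// stat() follows symlinks; safe only because the copy below is done as the user`; otherwise the file should be opened once and checked with `fstat()` on the descriptor. The added test also skips a file whose group differs from `getgid()` although the warning says only "not owned by the current user", and it accepts non-regular targets because there is no `S_ISREG(s.st_mode)` check. The function body starts and ends outside the hunk.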