diff options
| author |  netblue30 <netblue30@protonmail.com> | 2021-05-18 13:49:02 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@protonmail.com> | 2021-05-18 13:49:02 -0400 |
| commit | b79e4416fe642976111a2d610a19c3e4696bb2e2 (patch) | |
| tree | c038806bb80d57314a248dbc6df92b91d32a3a59 /src/jailcheck/sysfiles.c | |
| parent | readme, etc (diff) | |
| download | firejail-b79e4416fe642976111a2d610a19c3e4696bb2e2.tar.gz firejail-b79e4416fe642976111a2d610a19c3e4696bb2e2.tar.zst firejail-b79e4416fe642976111a2d610a19c3e4696bb2e2.zip | |
jailtest -> jailcheck (#4268)
Diffstat (limited to 'src/jailcheck/sysfiles.c')
| -rw-r--r-- | src/jailcheck/sysfiles.c | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/src/jailcheck/sysfiles.c b/src/jailcheck/sysfiles.c new file mode 100644 index 000000000..caeb580af --- /dev/null +++ b/src/jailcheck/sysfiles.c | |||
| @@ -0,0 +1,88 @@ | |||
| 1 | /* | ||
| 2 | * Copyright (C) 2014-2021 Firejail Authors | ||
| 3 | * | ||
| 4 | * This file is part of firejail project | ||
| 5 | * | ||
| 6 | * This program is free software; you can redistribute it and/or modify | ||
| 7 | * it under the terms of the GNU General Public License as published by | ||
| 8 | * the Free Software Foundation; either version 2 of the License, or | ||
| 9 | * (at your option) any later version. | ||
| 10 | * | ||
| 11 | * This program is distributed in the hope that it will be useful, | ||
| 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
| 14 | * GNU General Public License for more details. | ||
| 15 | * | ||
| 16 | * You should have received a copy of the GNU General Public License along | ||
| 17 | * with this program; if not, write to the Free Software Foundation, Inc., | ||
| 18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | ||
| 19 | */ | ||
| 20 | #include "jailcheck.h" | ||
| 21 | #include <dirent.h> | ||
| 22 | #include <sys/wait.h> | ||
| 23 | |||
| 24 | typedef struct { | ||
| 25 | char *tfile; | ||
| 26 | } TestFile; | ||
| 27 | |||
| 28 | #define MAX_TEST_FILES 32 | ||
| 29 | TestFile tf[MAX_TEST_FILES]; | ||
| 30 | static int files_cnt = 0; | ||
| 31 | |||
| 32 | void sysfiles_setup(const char *file) { | ||
| 33 | // I am root! | ||
| 34 | assert(file); | ||
| 35 | |||
| 36 | if (files_cnt >= MAX_TEST_FILES) { | ||
| 37 | fprintf(stderr, "Error: maximum number of system test files exceded\n"); | ||
| 38 | exit(1); | ||
| 39 | } | ||
| 40 | |||
| 41 | if (access(file, F_OK)) { | ||
| 42 | // no such file | ||
| 43 | return; | ||
| 44 | } | ||
| 45 | |||
| 46 | |||
| 47 | char *fname = strdup(file); | ||
| 48 | if (!fname) | ||
| 49 | errExit("strdup"); | ||
| 50 | |||
| 51 | tf[files_cnt].tfile = fname; | ||
| 52 | files_cnt++; | ||
| 53 | } | ||
| 54 | |||
| 55 | void sysfiles_test(void) { | ||
| 56 | // I am root in sandbox mount namespace | ||
| 57 | assert(user_uid); | ||
| 58 | int i; | ||
| 59 | |||
| 60 | pid_t child = fork(); | ||
| 61 | if (child == -1) | ||
| 62 | errExit("fork"); | ||
| 63 | |||
| 64 | if (child == 0) { // child | ||
| 65 | // drop privileges | ||
| 66 | if (setgid(user_gid) != 0) | ||
| 67 | errExit("setgid"); | ||
| 68 | if (setuid(user_uid) != 0) | ||
| 69 | errExit("setuid"); | ||
| 70 | |||
| 71 | for (i = 0; i < files_cnt; i++) { | ||
| 72 | assert(tf[i].tfile); | ||
| 73 | |||
| 74 | // try to open the file for reading | ||
| 75 | FILE *fp = fopen(tf[i].tfile, "r"); | ||
| 76 | if (fp) { | ||
| 77 | |||
| 78 | printf(" Warning: I can access %s\n", tf[i].tfile); | ||
| 79 | fclose(fp); | ||
| 80 | } | ||
| 81 | } | ||
| 82 | exit(0); | ||
| 83 | } | ||
| 84 | |||
| 85 | // wait for the child to finish | ||
| 86 | int status; | ||
| 87 | wait(&status); | ||
| 88 | } | ||