author | netblue30 <netblue30@yahoo.com> | 2018-04-23 09:38:21 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2018-04-23 09:38:21 -0400 |
commit | 90877c63eecf5e161c86df6b0c62006029e2677e (patch) | |
tree | 66acab3862cc1e649d69fc2b83ced1378f95e27f /src/lib/firejail_user.c | |
parent | merges (diff) | |
fix user database access
Diffstat (limited to 'src/lib/firejail_user.c')
-rw-r--r-- | src/lib/firejail_user.c | 11 |
1 files changed, 5 insertions, 6 deletions
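--- a/src/lib/firejail_user.c
+++ b/src/lib/firejail_user.c
@@ -28,6 +28,7 @@
 #include "../include/common.h"
 #include <sys/types.h>
 #include <pwd.h>
+#include "../../uids.h"
 
 #define MAXBUF 4098
 static inline char *get_fname(void) {
@@ -41,15 +42,13 @@ static inline char *get_fname(void) {
 int firejail_user_check(const char *name) {
 assert(name);
 
-// root allowed by default
+// root is allowed to run firejail by default
 if (strcmp(name, "root") == 0)
 return 1;
 
-// user nobody disabled by default
-if (strcmp(name, "nobody") == 0) {
-fprintf(stderr, "Error: user nobody is not allowed to run the sandbox\n");
-exit(1);
-}
+// other system users will run the program as is
+if (getuid() < UID_MIN || strcmp(name, "nobody") == 0)
+return 0;
 
 // check file existence
 char *fname = get_fname();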
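Review bot: The new guard in firejail_user_check mixes two identities: `getuid() < UID_MIN` tests the calling process's real UID, while the root and `nobody` comparisons use the `name` argument, so the result is only consistent if every caller passes the invoking user's own name. That precondition should be stated above the function, and the comment on the guard could spell out the decision, e.g. `// system accounts (uid < UID_MIN) and nobody skip the user database lookup and get 0`. The `nobody` branch used to print an error and exit, and it now returns 0 with no diagnostic. What the caller does with 0 is not visible here, but if it runs the program without the sandbox, as the new comment suggests, a one-line message on stderr would keep that outcome visible to an administrator. The function body continues past the end of this hunk, so the file-lookup path is not covered by this note.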