diff options
author | Aleksey Manevich <manevich.aleksey@gmail.com> | 2016-08-20 14:20:24 +0300 |
---|---|---|
committer | Aleksey Manevich <manevich.aleksey@gmail.com> | 2016-08-20 14:20:24 +0300 |
commit | 1c030e81348376f64288ad70f88deb7bfb6cff08 (patch) | |
tree | 648443d46b1e13be50045378c36f75440bba228b /src | |
parent | small fixes for command args (diff) | |
download | firejail-1c030e81348376f64288ad70f88deb7bfb6cff08.tar.gz firejail-1c030e81348376f64288ad70f88deb7bfb6cff08.tar.zst firejail-1c030e81348376f64288ad70f88deb7bfb6cff08.zip |
audit for existing sandbox
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/join.c | 82 |
1 files changed, 18 insertions, 64 deletions
diff --git a/src/firejail/join.c b/src/firejail/join.c index 632715fea..672913480 100644 --- a/src/firejail/join.c +++ b/src/firejail/join.c | |||
@@ -333,77 +333,31 @@ void join(pid_t pid, int argc, char **argv, int index) { | |||
333 | // run cmdline trough shell | 333 | // run cmdline trough shell |
334 | if (cfg.command_line == NULL) { | 334 | if (cfg.command_line == NULL) { |
335 | assert(cfg.shell); | 335 | assert(cfg.shell); |
336 | cfg.command_line = cfg.shell; | ||
337 | cfg.window_title = cfg.shell; | ||
338 | } | ||
336 | 339 | ||
337 | // replace the process with a shell | 340 | int cwd = 0; |
338 | execlp(cfg.shell, cfg.shell, NULL); | 341 | if (cfg.cwd) { |
339 | 342 | if (chdir(cfg.cwd) == 0) | |
340 | // it should never get here | 343 | cwd = 1; |
341 | errExit("execlp"); | ||
342 | } | 344 | } |
343 | else { | ||
344 | // run the command supplied by the user | ||
345 | int cwd = 0; | ||
346 | if (cfg.cwd) { | ||
347 | if (chdir(cfg.cwd) == 0) | ||
348 | cwd = 1; | ||
349 | } | ||
350 | |||
351 | if (!cwd) { | ||
352 | if (chdir("/") < 0) | ||
353 | errExit("chdir"); | ||
354 | if (cfg.homedir) { | ||
355 | struct stat s; | ||
356 | if (stat(cfg.homedir, &s) == 0) { | ||
357 | if (chdir(cfg.homedir) < 0) | ||
358 | errExit("chdir"); | ||
359 | } | ||
360 | } | ||
361 | } | ||
362 | 345 | ||
363 | if (arg_shell_none) { | 346 | if (!cwd) { |
364 | if (arg_debug) { | 347 | if (chdir("/") < 0) |
365 | int i; | 348 | errExit("chdir"); |
366 | for (i = cfg.original_program_index; i < cfg.original_argc; i++) { | 349 | if (cfg.homedir) { |
367 | if (cfg.original_argv[i] == NULL) | 350 | struct stat s; |
368 | break; | 351 | if (stat(cfg.homedir, &s) == 0) { |
369 | printf("execvp argument %d: %s\n", i - cfg.original_program_index, cfg.original_argv[i]); | 352 | /* coverity[toctou] */ |
370 | } | 353 | if (chdir(cfg.homedir) < 0) |
371 | } | 354 | errExit("chdir"); |
372 | |||
373 | if (cfg.original_program_index == 0) { | ||
374 | fprintf(stderr, "Error: --shell=none configured, but no program specified\n"); | ||
375 | exit(1); | ||
376 | } | ||
377 | |||
378 | if (!arg_command && !arg_quiet) | ||
379 | printf("Child process initialized\n"); | ||
380 | |||
381 | execvp(cfg.original_argv[cfg.original_program_index], &cfg.original_argv[cfg.original_program_index]); | ||
382 | exit(1); | ||
383 | } else { | ||
384 | assert(cfg.shell); | ||
385 | |||
386 | char *arg[5]; | ||
387 | arg[0] = cfg.shell; | ||
388 | arg[1] = "-c"; | ||
389 | if (arg_debug) | ||
390 | printf("Starting %s\n", cfg.command_line); | ||
391 | if (!arg_doubledash) { | ||
392 | arg[2] = cfg.command_line; | ||
393 | arg[3] = NULL; | ||
394 | } | ||
395 | else { | ||
396 | arg[2] = "--"; | ||
397 | arg[3] = cfg.command_line; | ||
398 | arg[4] = NULL; | ||
399 | } | 355 | } |
400 | execvp(arg[0], arg); | ||
401 | |||
402 | // it should never get here | ||
403 | errExit("execvp"); | ||
404 | } | 356 | } |
405 | } | 357 | } |
406 | 358 | ||
359 | start_application(); | ||
360 | |||
407 | // it will never get here!!! | 361 | // it will never get here!!! |
408 | } | 362 | } |
409 | 363 | ||