cat option

author: smitsohu <smitsohu@gmail.com> 2020-08-19 00:55:47 +0200
committer: smitsohu <smitsohu@gmail.com> 2020-08-19 00:55:47 +0200
commit: f473c959d2549ec0799bc6a7b7609c10b7f7e758 (patch)
tree: 9db27c3f12ad9a0d4be9524a8557cfd52e01a29a /src
parent: drop system(3) calls from sandbox.c (diff)
download: firejail-f473c959d2549ec0799bc6a7b7609c10b7f7e758.tar.gz
firejail-f473c959d2549ec0799bc6a7b7609c10b7f7e758.tar.zst
firejail-f473c959d2549ec0799bc6a7b7609c10b7f7e758.zip
3 files changed, 49 insertions, 3 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 79e39b669..afd9af91d 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -811,6 +811,8 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
                         }
                        // list directory contents
+                        if (!arg_debug)
+                                 arg_quiet = 1;
                        pid_t pid = require_pid(argv[i] + 5);
                        sandboxfs(SANDBOX_FS_LS, pid, path, NULL);
                        exit(0);
@@ -818,6 +820,35 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
                else
                        exit_err_feature("file transfer");
        }
+        else if (strncmp(argv[i], "--cat=", 6) == 0) {
+                if (checkcfg(CFG_FILE_TRANSFER)) {
+                        logargs(argc, argv);
+                        if (arg_private_cwd) {
+                                fprintf(stderr, "Error: --cat and --private-cwd options are mutually exclusive\n");
+                                exit(1);
+                        }
+                        if ((i + 2) != argc) {
+                                fprintf(stderr, "Error: invalid --cat option, path expected\n");
+                                exit(1);
+                        }
+                        char *path = argv[i + 1];
+                        invalid_filename(path, 0); // no globbing
+                        if (strstr(path, "..")) {
+                                fprintf(stderr, "Error: invalid file name %s\n", path);
+                                exit(1);
+                        }
+                        // write file contents to stdout
+                        if (!arg_debug)
+                                 arg_quiet = 1;
+                        pid_t pid = require_pid(argv[i] + 6);
+                        sandboxfs(SANDBOX_FS_CAT, pid, path, NULL);
+                        exit(0);
+                }
+                else
+                        exit_err_feature("file transfer");
+        }
 #endif
        else if (strncmp(argv[i], "--join=", 7) == 0) {
                if (checkcfg(CFG_JOIN) || getuid() == 0) {
diff --git a/src/firejail/usage.c b/src/firejail/usage.c
index 4ab464289..be6715df4 100644
--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -47,6 +47,9 @@ static char *usage_str =
        "    --caps.drop=capability,capability - blacklist capabilities filter.\n"
        "    --caps.keep=capability,capability - whitelist capabilities filter.\n"
        "    --caps.print=name|pid - print the caps filter.\n"
+#ifdef HAVE_FILE_TRANSFER
+        "    --cat=name|pid filename - print content of file from sandbox container.\n"
+#endif
        "    --cgroup=tasks-file - place the sandbox in the specified control group.\n"
 #ifdef HAVE_CHROOT
        "    --chroot=dirname - chroot into directory.\n"
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 69cd4a7bc..f5f092bd9 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -273,6 +273,10 @@ $ firejail \-\-list
 $ firejail \-\-caps.print=3272
 .TP
+\fB\-\-cat=name|pid filename
+Print content of file from sandbox container, see FILE TRANSFER section for more details.
+.TP
 \fB\-\-cgroup=tasks-file
 Place the sandbox in the specified control group. tasks-file is the full path of cgroup tasks file.
 .br
@@ -344,7 +348,7 @@ $ firejail --dbus-system=filter --dbus-system.log --dbus-log=dbus.txt
 .TP
 \fB\-\-dbus-system=filter|none
-Set system DBus sandboxing policy. 
+Set system DBus sandboxing policy.
 .br
 .br
@@ -3029,6 +3033,10 @@ These features allow the user to inspect the filesystem container of an existing
 and transfer files between the container and the host filesystem.
 .TP
+\fB\-\-cat=name|pid filename
+Write content of a container file to standard out.
+.TP
 \fB\-\-get=name|pid filename
 Retrieve the container file and store it on the host in the current working directory.
 The container is specified by name or PID.
@@ -3072,6 +3080,10 @@ $ firejail \-\-get=mybrowser ~/Downloads/xpra-clipboard.png
 $ firejail \-\-put=mybrowser xpra-clipboard.png ~/Downloads/xpra-clipboard.png
 .br
+.br
+$ firejail \-\-cat=mybrowser ~/.bashrc
+.br
 .SH MONITORING
 Option \-\-list prints a list of all sandboxes. The format
 for each process entry is as follows:
@@ -3259,7 +3271,7 @@ Homepage: https://firejail.wordpress.com
 \&\flfirejail-profile\fR\|(5),
 \&\flfirejail-login\fR\|(5),
 \&\flfirejail-users\fR\|(5),
-.UR https://github.com/netblue30/firejail/wiki 
+.UR https://github.com/netblue30/firejail/wiki
 .UE ,
-.UR https://github.com/netblue30/firejail 
+.UR https://github.com/netblue30/firejail
 .UE
author	smitsohu <smitsohu@gmail.com>	2020-08-19 00:55:47 +0200
committer	smitsohu <smitsohu@gmail.com>	2020-08-19 00:55:47 +0200
commit	f473c959d2549ec0799bc6a7b7609c10b7f7e758 (patch)
tree	9db27c3f12ad9a0d4be9524a8557cfd52e01a29a /src
parent	drop system(3) calls from sandbox.c (diff)
download	firejail-f473c959d2549ec0799bc6a7b7609c10b7f7e758.tar.gz firejail-f473c959d2549ec0799bc6a7b7609c10b7f7e758.tar.zst firejail-f473c959d2549ec0799bc6a7b7609c10b7f7e758.zip