diff options
| author |  Laurent Declercq <l.declercq@nuxwin.com> | 2016-08-14 19:41:44 +0200 |
|---|---|---|
| committer | Laurent Declercq <l.declercq@nuxwin.com> | 2016-08-14 19:41:44 +0200 |
| commit | 62edc4b5d4bfdb81690a4a955763285760657079 (patch) | |
| tree | b3cea6a4c5383d7b432881bc28b743ccb89ee953 /src | |
| parent | branch status (diff) | |
| download | firejail-62edc4b5d4bfdb81690a4a955763285760657079.tar.gz firejail-62edc4b5d4bfdb81690a4a955763285760657079.tar.zst firejail-62edc4b5d4bfdb81690a4a955763285760657079.zip | |
Fixed #712
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/fs.c | 17 | ||||
| -rw-r--r-- | src/firejail/main.c | 12 |
2 files changed, 21 insertions, 8 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 5fe31cec8..98b661028 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
| @@ -1110,13 +1110,16 @@ int fs_check_chroot_dir(const char *rootdir) { | |||
| 1110 | } | 1110 | } |
| 1111 | free(name); | 1111 | free(name); |
| 1112 | 1112 | ||
| 1113 | // check shell | 1113 | // check shell (test not needed. We already test access in main.c) |
| 1114 | if (!arg_shell_none) { | 1114 | //if (!arg_shell_none) { |
| 1115 | if (stat(cfg.shell, &s) == -1) { | 1115 | // if (asprintf(&name, "%s%s", rootdir, (char *)&cfg.shell) == -1) |
| 1116 | fprintf(stderr, "Error: cannot find %s in chroot directory\n", cfg.shell); | 1116 | // errExit("asprintf"); |
| 1117 | return 1; | 1117 | // if (stat(name, &s) == -1) { |
| 1118 | } | 1118 | // fprintf(stderr, "Error: cannot find %s in chroot directory\n", name); |
| 1119 | } | 1119 | // return 1; |
| 1120 | // } | ||
| 1121 | // free(name); | ||
| 1122 | //} | ||
| 1120 | 1123 | ||
| 1121 | // check x11 socket directory | 1124 | // check x11 socket directory |
| 1122 | if (getenv("FIREJAIL_X11")) { | 1125 | if (getenv("FIREJAIL_X11")) { |
diff --git a/src/firejail/main.c b/src/firejail/main.c index c8cc3f460..13270314b 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -1929,9 +1929,19 @@ int main(int argc, char **argv) { | |||
| 1929 | fprintf(stderr, "Error: invalid shell\n"); | 1929 | fprintf(stderr, "Error: invalid shell\n"); |
| 1930 | exit(1); | 1930 | exit(1); |
| 1931 | } | 1931 | } |
| 1932 | 1932 | ||
| 1933 | // access call checks as real UID/GID, not as effective UID/GID | 1933 | // access call checks as real UID/GID, not as effective UID/GID |
| 1934 | if (access(cfg.shell, R_OK)) { | 1934 | if (access(cfg.shell, R_OK)) { |
| 1935 | if(cfg.chrootdir) { | ||
| 1936 | char *shellpath; | ||
| 1937 | if (asprintf(&shellpath, "%s%s", cfg.chrootdir, cfg.shell) == -1) | ||
| 1938 | errExit("asprintf"); | ||
| 1939 | if (access(shellpath, R_OK)) { | ||
| 1940 | fprintf(stderr, "Error: cannot access shell file in chroot\n"); | ||
| 1941 | exit(1); | ||
| 1942 | } | ||
| 1943 | free(shellpath); | ||
| 1944 | } else if (access(cfg.shell, R_OK)) { | ||
| 1935 | fprintf(stderr, "Error: cannot access shell file\n"); | 1945 | fprintf(stderr, "Error: cannot access shell file\n"); |
| 1936 | exit(1); | 1946 | exit(1); |
| 1937 | } | 1947 | } |