authorLibravatar netblue30 <netblue30@yahoo.com>2016-07-29 09:37:51 -0400
committerLibravatar netblue30 <netblue30@yahoo.com>2016-07-29 09:37:51 -0400
commitbdcb2be80f78082650283e13fcb9a90d75e02eba (patch)
tree16c5acb08efa77aa9bc78e55bad4b2fd93254f30 /src
parentfix Makefile.in (diff)
using UID_MIN/GID_MIN values from /etc/login.def
Diffstat (limited to 'src')
-rw-r--r--src/firejail/restrict_users.c9
1 files changed, 5 insertions, 4 deletions
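diff --git a/src/firejail/restrict_users.c b/src/firejail/restrict_users.c
index 5a41c441b..de798037f 100644
--- a/src/firejail/restrict_users.c
+++ b/src/firejail/restrict_users.c
@@ -26,6 +26,7 @@
 #include <dirent.h>
 #include <fcntl.h>
 #include <errno.h>
+#include "../../uids.h"
 
 #define MAXBUF 1024
 
@@ -118,7 +119,7 @@ static void sanitize_passwd(void) {
  if (stat("/etc/passwd", &s) == -1)
  return;
  if (arg_debug)
- printf("Sanitizing /etc/passwd\n");
+ printf("Sanitizing /etc/passwd, UID_MIN %d\n", UID_MIN);
  if (is_link("/etc/passwd")) {
  fprintf(stderr, "Error: invalid /etc/passwd\n");
  exit(1);
@@ -170,7 +171,7 @@ static void sanitize_passwd(void) {
  int rv = sscanf(ptr, "%d:", &uid);
  if (rv == 0 || uid < 0)
  goto errout;
- if (uid < 1000) { // todo extract UID_MIN from /etc/login.def
+ if (uid < UID_MIN) {
  fprintf(fpout, "%s", buf);
  continue;
  }
@@ -255,7 +256,7 @@ static void sanitize_group(void) {
  if (stat("/etc/group", &s) == -1)
  return;
  if (arg_debug)
- printf("Sanitizing /etc/group\n");
+ printf("Sanitizing /etc/group, GID_MIN %d\n", GID_MIN);
  if (is_link("/etc/group")) {
  fprintf(stderr, "Error: invalid /etc/group\n");
  exit(1);
@@ -306,7 +307,7 @@ static void sanitize_group(void) {
  int rv = sscanf(ptr, "%d:", &gid);
  if (rv == 0 || gid < 0)
  goto errout;
- if (gid < 1000) { // todo extract GID_MIN from /etc/login.def
+ if (gid < GID_MIN) {
  if (copy_line(fpout, buf, ptr))
  goto errout;
  continue;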
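Review bot: The thresholds in `if (uid < UID_MIN)` (new line 174) and `if (gid < GID_MIN)` (new line 310) are now preprocessor constants from `../../uids.h`, so they are fixed when the binary is built rather than read on the host where the sandbox runs. uids.h is not part of this diff; if it is generated from the build machine's login configuration, as the commit title suggests, a packaged binary applies the builder's boundary, and since entries below the threshold are written through as they are (`fprintf(fpout, "%s", buf)`), a build-time value higher than the runtime one would leave ordinary accounts in the sanitized files. I would document this next to the include, e.g. `// UID_MIN/GID_MIN are build-time values; they can differ from the login configuration of the host running the sandbox`, and make sure both macros always expand to an int, because they are also passed to `%d` in the debug messages. Both sanitize_passwd and sanitize_group continue outside the hunks shown, so the handling of ids at or above the threshold is not visible here.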