diff options
author | netblue30 <netblue30@yahoo.com> | 2018-10-20 08:51:33 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2018-10-20 08:51:33 -0400 |
commit | d5d0236c0080b5d997dc7f8126ebe6117d527988 (patch) | |
tree | 0cbc5c609419cde42e8a1920917302f8d1783c5e /src | |
parent | cleanup (diff) | |
download | firejail-d5d0236c0080b5d997dc7f8126ebe6117d527988.tar.gz firejail-d5d0236c0080b5d997dc7f8126ebe6117d527988.tar.zst firejail-d5d0236c0080b5d997dc7f8126ebe6117d527988.zip |
cleanup
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/paths.c | 56 | ||||
-rw-r--r-- | src/firejail/util.c | 93 |
2 files changed, 0 insertions, 149 deletions
diff --git a/src/firejail/paths.c b/src/firejail/paths.c index 121cbeb4a..a53240cc2 100644 --- a/src/firejail/paths.c +++ b/src/firejail/paths.c | |||
@@ -93,59 +93,3 @@ unsigned int count_paths(void) { | |||
93 | assert(path_cnt); | 93 | assert(path_cnt); |
94 | return path_cnt; | 94 | return path_cnt; |
95 | } | 95 | } |
96 | |||
97 | // Return 1 if PROGRAM exists in $PATH and is runnable by the | ||
98 | // invoking user (not root). | ||
99 | // In other words, tests "will execvp(PROGRAM, ...) succeed?" | ||
100 | int program_in_path(const char *program) { | ||
101 | assert(program && *program); | ||
102 | assert(strchr(program, '/') == 0); | ||
103 | assert(strcmp(program, ".") != 0); | ||
104 | assert(strcmp(program, "..") != 0); | ||
105 | |||
106 | if (!paths) | ||
107 | init_paths(); | ||
108 | assert(paths); | ||
109 | |||
110 | size_t proglen = strlen(program); | ||
111 | char *scratch = malloc(longest_path_elt + proglen + 2); | ||
112 | if (!scratch) | ||
113 | errExit("malloc"); | ||
114 | |||
115 | int found = 0; | ||
116 | size_t dlen; | ||
117 | char **p; | ||
118 | for (p = paths; *p; p++) { | ||
119 | char *dir = *p; | ||
120 | dlen = strlen(dir); | ||
121 | |||
122 | // init_paths should ensure that this is true; as long | ||
123 | // as it is true, 'scratch' has enough space for "$p/$program". | ||
124 | assert(dlen <= longest_path_elt); | ||
125 | |||
126 | memcpy(scratch, dir, dlen); | ||
127 | scratch[dlen++] = '/'; | ||
128 | |||
129 | // copy proglen+1 bytes to copy the nul terminator at | ||
130 | // the end of 'program'. | ||
131 | memcpy(scratch + dlen, program, proglen+1); | ||
132 | |||
133 | if (access(scratch, X_OK) == 0) { | ||
134 | // must also verify that this is a regular file | ||
135 | // ('x' permission means something different for directories). | ||
136 | // exec follows symlinks, so use stat, not lstat. | ||
137 | struct stat st; | ||
138 | if (stat(scratch, &st)) { | ||
139 | perror(scratch); | ||
140 | exit(1); | ||
141 | } | ||
142 | if (S_ISREG(st.st_mode)) { | ||
143 | found = 1; | ||
144 | break; | ||
145 | } | ||
146 | } | ||
147 | } | ||
148 | |||
149 | free(scratch); | ||
150 | return found; | ||
151 | } | ||
diff --git a/src/firejail/util.c b/src/firejail/util.c index 485ddb3af..6c1a89b56 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
@@ -569,19 +569,6 @@ char *clean_pathname(const char *path) { | |||
569 | return rv; | 569 | return rv; |
570 | } | 570 | } |
571 | 571 | ||
572 | void check_unsigned(const char *str, const char *msg) { | ||
573 | EUID_ASSERT(); | ||
574 | const char *ptr = str; | ||
575 | while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0') { | ||
576 | if (!isdigit(*ptr)) { | ||
577 | fprintf(stderr, "%s %s\n", msg, str); | ||
578 | exit(1); | ||
579 | } | ||
580 | ptr++; | ||
581 | } | ||
582 | } | ||
583 | |||
584 | |||
585 | #define BUFLEN 4096 | 572 | #define BUFLEN 4096 |
586 | // find the first child for this parent; return 1 if error | 573 | // find the first child for this parent; return 1 if error |
587 | int find_child(pid_t parent, pid_t *child) { | 574 | int find_child(pid_t parent, pid_t *child) { |
@@ -865,86 +852,6 @@ uid_t get_group_id(const char *group) { | |||
865 | } | 852 | } |
866 | 853 | ||
867 | 854 | ||
868 | static int remove_callback(const char *fpath, const struct stat *sb, int typeflag, struct FTW *ftwbuf) { | ||
869 | (void) sb; | ||
870 | (void) typeflag; | ||
871 | (void) ftwbuf; | ||
872 | assert(fpath); | ||
873 | |||
874 | if (strcmp(fpath, ".") == 0) | ||
875 | return 0; | ||
876 | |||
877 | if (remove(fpath)) { // removes the link not the actual file | ||
878 | perror("remove"); | ||
879 | fprintf(stderr, "Error: cannot remove file from user .firejail directory: %s\n", fpath); | ||
880 | exit(1); | ||
881 | } | ||
882 | |||
883 | return 0; | ||
884 | } | ||
885 | |||
886 | |||
887 | int remove_overlay_directory(void) { | ||
888 | EUID_ASSERT(); | ||
889 | struct stat s; | ||
890 | sleep(1); | ||
891 | |||
892 | char *path; | ||
893 | if (asprintf(&path, "%s/.firejail", cfg.homedir) == -1) | ||
894 | errExit("asprintf"); | ||
895 | |||
896 | if (lstat(path, &s) == 0) { | ||
897 | // deal with obvious problems such as symlinks and root ownership | ||
898 | if (!S_ISDIR(s.st_mode)) { | ||
899 | if (S_ISLNK(s.st_mode)) | ||
900 | fprintf(stderr, "Error: %s is a symbolic link\n", path); | ||
901 | else | ||
902 | fprintf(stderr, "Error: %s is not a directory\n", path); | ||
903 | exit(1); | ||
904 | } | ||
905 | if (s.st_uid != getuid()) { | ||
906 | fprintf(stderr, "Error: %s is not owned by the current user\n", path); | ||
907 | exit(1); | ||
908 | } | ||
909 | |||
910 | pid_t child = fork(); | ||
911 | if (child < 0) | ||
912 | errExit("fork"); | ||
913 | if (child == 0) { | ||
914 | // open ~/.firejail, fails if there is any symlink | ||
915 | int fd = safe_fd(path, O_PATH|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC); | ||
916 | if (fd == -1) | ||
917 | errExit("safe_fd"); | ||
918 | // chdir to ~/.firejail | ||
919 | if (fchdir(fd) == -1) | ||
920 | errExit("fchdir"); | ||
921 | close(fd); | ||
922 | |||
923 | EUID_ROOT(); | ||
924 | // FTW_PHYS - do not follow symbolic links | ||
925 | if (nftw(".", remove_callback, 64, FTW_DEPTH | FTW_PHYS) == -1) | ||
926 | errExit("nftw"); | ||
927 | |||
928 | EUID_USER(); | ||
929 | // remove ~/.firejail | ||
930 | if (rmdir(path) == -1) | ||
931 | errExit("rmdir"); | ||
932 | #ifdef HAVE_GCOV | ||
933 | __gcov_flush(); | ||
934 | #endif | ||
935 | _exit(0); | ||
936 | } | ||
937 | // wait for the child to finish | ||
938 | waitpid(child, NULL, 0); | ||
939 | // check if ~/.firejail was deleted | ||
940 | if (stat(path, &s) == -1) | ||
941 | return 0; | ||
942 | else | ||
943 | return 1; | ||
944 | } | ||
945 | return 0; | ||
946 | } | ||
947 | |||
948 | void flush_stdin(void) { | 855 | void flush_stdin(void) { |
949 | if (isatty(STDIN_FILENO)) { | 856 | if (isatty(STDIN_FILENO)) { |
950 | int cnt = 0; | 857 | int cnt = 0; |