CVE-2022-31214: fixing the fix

author: smitsohu <smitsohu@gmail.com> 2022-06-08 15:20:44 +0200
committer: smitsohu <smitsohu@gmail.com> 2022-06-08 15:20:44 +0200
commit: dab835e7a0eb287822016f5ae4e87f46e1d363e7 (patch)
tree: 339462b5fa45ebd914f88810f09f1c47127230b8 /src
parent: shutdown testing (diff)
download: firejail-dab835e7a0eb287822016f5ae4e87f46e1d363e7.tar.gz
firejail-dab835e7a0eb287822016f5ae4e87f46e1d363e7.tar.zst
firejail-dab835e7a0eb287822016f5ae4e87f46e1d363e7.zip
2 files changed, 5 insertions, 5 deletions
diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c
index deaee31bb..e87d3b726 100644
--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -104,7 +104,7 @@ static void build_dirs(char *src, char *dst, size_t src_prefix_len, size_t dst_p
                                *q = '\0';
                                *r = '/';
                                r = q;
-                                create_empty_dir_as_root(dst, s.st_mode);
+                                mkdir_attr(dst, s.st_mode, 0, 0);
                        }
                        if (!last) {
                                // If we're not at the final terminating null, restore
@@ -330,9 +330,9 @@ void fs_rebuild_etc(void) {
                                symlink_done = 1;
                }
                else if (S_ISDIR(s.st_mode))
-                        create_empty_dir_as_root(dest, s.st_mode);
+                        create_empty_dir_as_root(dest, S_IRWXU);
                else
-                        create_empty_file_as_root(dest, s.st_mode);
+                        create_empty_file_as_root(dest, S_IRUSR | S_IWUSR);
                // bind-mount src on top of dest
                if (!symlink_done) {
diff --git a/src/firejail/process.c b/src/firejail/process.c
index 5adb4f8cc..fa6b1394d 100644
--- a/src/firejail/process.c
+++ b/src/firejail/process.c
@@ -96,7 +96,7 @@ int process_stat_nofail(ProcessHandle process, const char *fname, struct stat *s
 int process_stat(ProcessHandle process, const char *fname, struct stat *s) {
        int rv = process_stat_nofail(process, fname, s);
        if (rv) {
-                fprintf(stderr, "Error: cannot stat /proc/%d/%s: %s\n", process->pid, fname, strerror(errno));
+                fprintf(stderr, "Error: cannot stat /proc/%d/%s: %s\n", process_get_pid(process), fname, strerror(errno));
                exit(1);
        }
@@ -117,7 +117,7 @@ int process_open_nofail(ProcessHandle process, const char *fname) {
 int process_open(ProcessHandle process, const char *fname) {
        int rv = process_open_nofail(process, fname);
        if (rv < 0) {
-                fprintf(stderr, "Error: cannot open /proc/%d/%s: %s\n", process->pid, fname, strerror(errno));
+                fprintf(stderr, "Error: cannot open /proc/%d/%s: %s\n", process_get_pid(process), fname, strerror(errno));
                exit(1);
        }
author	smitsohu <smitsohu@gmail.com>	2022-06-08 15:20:44 +0200
committer	smitsohu <smitsohu@gmail.com>	2022-06-08 15:20:44 +0200
commit	dab835e7a0eb287822016f5ae4e87f46e1d363e7 (patch)
tree	339462b5fa45ebd914f88810f09f1c47127230b8 /src
parent	shutdown testing (diff)
download	firejail-dab835e7a0eb287822016f5ae4e87f46e1d363e7.tar.gz firejail-dab835e7a0eb287822016f5ae4e87f46e1d363e7.tar.zst firejail-dab835e7a0eb287822016f5ae4e87f46e1d363e7.zip

diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c index deaee31bb..e87d3b726 100644 --- a/src/firejail/fs_etc.c +++ b/src/firejail/fs_etc.c
@@ -104,7 +104,7 @@ static void build_dirs(char src, char dst, size_t src_prefix_len, size_t dst_p
104	*q = '\0';	104	*q = '\0';
105	*r = '/';	105	*r = '/';
106	r = q;	106	r = q;
107	create_empty_dir_as_root(dst, s.st_mode);	107	mkdir_attr(dst, s.st_mode, 0, 0);
108	}	108	}
109	if (!last) {	109	if (!last) {
110	// If we're not at the final terminating null, restore	110	// If we're not at the final terminating null, restore
@@ -330,9 +330,9 @@ void fs_rebuild_etc(void) {
330	symlink_done = 1;	330	symlink_done = 1;
331	}	331	}
332	else if (S_ISDIR(s.st_mode))	332	else if (S_ISDIR(s.st_mode))
333	create_empty_dir_as_root(dest, s.st_mode);	333	create_empty_dir_as_root(dest, S_IRWXU);
334	else	334	else
335	create_empty_file_as_root(dest, s.st_mode);	335	create_empty_file_as_root(dest, S_IRUSR \| S_IWUSR);
336		336
337	// bind-mount src on top of dest	337	// bind-mount src on top of dest
338	if (!symlink_done) {	338	if (!symlink_done) {


diff --git a/src/firejail/process.c b/src/firejail/process.c index 5adb4f8cc..fa6b1394d 100644 --- a/src/firejail/process.c +++ b/src/firejail/process.c
@@ -96,7 +96,7 @@ int process_stat_nofail(ProcessHandle process, const char fname, struct stat s
96	int process_stat(ProcessHandle process, const char fname, struct stat s) {	96	int process_stat(ProcessHandle process, const char fname, struct stat s) {
97	int rv = process_stat_nofail(process, fname, s);	97	int rv = process_stat_nofail(process, fname, s);
98	if (rv) {	98	if (rv) {
99	fprintf(stderr, "Error: cannot stat /proc/%d/%s: %s\n", process->pid, fname, strerror(errno));	99	fprintf(stderr, "Error: cannot stat /proc/%d/%s: %s\n", process_get_pid(process), fname, strerror(errno));
100	exit(1);	100	exit(1);
101	}	101	}
102		102
@@ -117,7 +117,7 @@ int process_open_nofail(ProcessHandle process, const char *fname) {
117	int process_open(ProcessHandle process, const char *fname) {	117	int process_open(ProcessHandle process, const char *fname) {
118	int rv = process_open_nofail(process, fname);	118	int rv = process_open_nofail(process, fname);
119	if (rv < 0) {	119	if (rv < 0) {
120	fprintf(stderr, "Error: cannot open /proc/%d/%s: %s\n", process->pid, fname, strerror(errno));	120	fprintf(stderr, "Error: cannot open /proc/%d/%s: %s\n", process_get_pid(process), fname, strerror(errno));
121	exit(1);	121	exit(1);
122	}	122	}
123		123