diff options
author | smitsohu <smitsohu@gmail.com> | 2018-08-28 20:50:27 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-08-28 20:50:27 +0200 |
commit | 0c2cbf05aa9553fbf5c90fb69928f2b276fead8b (patch) | |
tree | 37997aeab316facdc31aa1191d8f269fad512128 /src | |
parent | fix private-tmp and private-dev in fbuilder (diff) | |
download | firejail-0c2cbf05aa9553fbf5c90fb69928f2b276fead8b.tar.gz firejail-0c2cbf05aa9553fbf5c90fb69928f2b276fead8b.tar.zst firejail-0c2cbf05aa9553fbf5c90fb69928f2b276fead8b.zip |
improve --chroot directory check
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/main.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index b3a8dcfd7..3690dee87 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -1506,9 +1506,14 @@ int main(int argc, char **argv) { | |||
1506 | return 1; | 1506 | return 1; |
1507 | } | 1507 | } |
1508 | 1508 | ||
1509 | // don't allow "--chroot=/" | ||
1510 | char *rpath = realpath(cfg.chrootdir, NULL); | 1509 | char *rpath = realpath(cfg.chrootdir, NULL); |
1511 | if (rpath == NULL || strcmp(rpath, "/") == 0) { | 1510 | if (rpath == NULL) { |
1511 | fprintf(stderr, "Error: invalid chroot directory\n"); | ||
1512 | exit(1); | ||
1513 | } | ||
1514 | // don't allow "--chroot=/" | ||
1515 | trim_trailing_slash_or_dot(rpath); | ||
1516 | if (strcmp(rpath, "/") == 0) { | ||
1512 | fprintf(stderr, "Error: invalid chroot directory\n"); | 1517 | fprintf(stderr, "Error: invalid chroot directory\n"); |
1513 | exit(1); | 1518 | exit(1); |
1514 | } | 1519 | } |