diff options
author | netblue30 <netblue30@yahoo.com> | 2016-09-27 10:38:21 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-09-27 10:38:21 -0400 |
commit | ae0e5b667d7756f5a4e318c37aefb0a827abbf25 (patch) | |
tree | daa54e1446a1a288a185c1acdd0741cf3b8c85cc /src | |
parent | more CVE-2016-7545 (diff) | |
download | firejail-ae0e5b667d7756f5a4e318c37aefb0a827abbf25.tar.gz firejail-ae0e5b667d7756f5a4e318c37aefb0a827abbf25.tar.zst firejail-ae0e5b667d7756f5a4e318c37aefb0a827abbf25.zip |
CVE-2016-7545
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/join.c | 1 | ||||
-rw-r--r-- | src/firejail/main.c | 15 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 31 | ||||
-rw-r--r-- | src/firejail/util.c | 15 |
5 files changed, 23 insertions, 40 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index e76f54ec3..4e92f3e89 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -455,6 +455,7 @@ void invalid_filename(const char *fname); | |||
455 | uid_t get_tty_gid(void); | 455 | uid_t get_tty_gid(void); |
456 | uid_t get_audio_gid(void); | 456 | uid_t get_audio_gid(void); |
457 | int remove_directory(const char *path); | 457 | int remove_directory(const char *path); |
458 | void flush_stdin(void); | ||
458 | 459 | ||
459 | // fs_var.c | 460 | // fs_var.c |
460 | void fs_var_log(void); // mounting /var/log | 461 | void fs_var_log(void); // mounting /var/log |
diff --git a/src/firejail/join.c b/src/firejail/join.c index 414b899ce..f11d85cfe 100644 --- a/src/firejail/join.c +++ b/src/firejail/join.c | |||
@@ -386,6 +386,7 @@ void join(pid_t pid, int argc, char **argv, int index) { | |||
386 | 386 | ||
387 | // wait for the child to finish | 387 | // wait for the child to finish |
388 | waitpid(child, NULL, 0); | 388 | waitpid(child, NULL, 0); |
389 | flush_stdin(); | ||
389 | exit(0); | 390 | exit(0); |
390 | } | 391 | } |
391 | 392 | ||
diff --git a/src/firejail/main.c b/src/firejail/main.c index 81765e3ff..bf73656d2 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -35,8 +35,6 @@ | |||
35 | #include <signal.h> | 35 | #include <signal.h> |
36 | #include <time.h> | 36 | #include <time.h> |
37 | #include <net/if.h> | 37 | #include <net/if.h> |
38 | #include <sys/ioctl.h> | ||
39 | #include <termios.h> | ||
40 | 38 | ||
41 | #if 0 | 39 | #if 0 |
42 | #include <sys/times.h> | 40 | #include <sys/times.h> |
@@ -143,18 +141,7 @@ static void myexit(int rv) { | |||
143 | EUID_ROOT(); | 141 | EUID_ROOT(); |
144 | clear_run_files(sandbox_pid); | 142 | clear_run_files(sandbox_pid); |
145 | appimage_clear(); | 143 | appimage_clear(); |
146 | 144 | flush_stdin(); | |
147 | int fd = open("/dev/tty", O_RDWR); | ||
148 | if (fd != -1) { | ||
149 | ioctl(fd, TCFLSH, TCIFLUSH); | ||
150 | close(fd); | ||
151 | } else { | ||
152 | fprintf(stderr, "Warning: can't open /dev/tty, flushing stdin, stdout and stderr file descriptors instead\n"); | ||
153 | ioctl(0, TCFLSH, TCIFLUSH); | ||
154 | ioctl(1, TCFLSH, TCIFLUSH); | ||
155 | ioctl(2, TCFLSH, TCIFLUSH); | ||
156 | } | ||
157 | |||
158 | exit(rv); | 145 | exit(rv); |
159 | } | 146 | } |
160 | 147 | ||
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index a348add34..cd81b0b11 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
@@ -28,8 +28,6 @@ | |||
28 | #include <sys/types.h> | 28 | #include <sys/types.h> |
29 | #include <dirent.h> | 29 | #include <dirent.h> |
30 | #include <errno.h> | 30 | #include <errno.h> |
31 | #include <sys/ioctl.h> | ||
32 | #include <termios.h> | ||
33 | #include <fcntl.h> | 31 | #include <fcntl.h> |
34 | 32 | ||
35 | #include <sched.h> | 33 | #include <sched.h> |
@@ -86,18 +84,8 @@ static void sandbox_handler(int sig){ | |||
86 | 84 | ||
87 | // broadcast a SIGKILL | 85 | // broadcast a SIGKILL |
88 | kill(-1, SIGKILL); | 86 | kill(-1, SIGKILL); |
89 | #if 0 | 87 | flush_stdin(); |
90 | int fd = open("/dev/tty", O_RDWR); | 88 | |
91 | if (fd != -1) { | ||
92 | ioctl(fd, TCFLSH, TCIFLUSH); | ||
93 | close(fd); | ||
94 | } else { | ||
95 | fprintf(stderr, "Warning: can't open /dev/tty, flushing stdin, stdout and stderr file descriptors instead\n"); | ||
96 | ioctl(0, TCFLSH, TCIFLUSH); | ||
97 | ioctl(1, TCFLSH, TCIFLUSH); | ||
98 | ioctl(2, TCFLSH, TCIFLUSH); | ||
99 | } | ||
100 | #endif | ||
101 | exit(sig); | 89 | exit(sig); |
102 | } | 90 | } |
103 | 91 | ||
@@ -908,18 +896,9 @@ int sandbox(void* sandbox_arg) { | |||
908 | } | 896 | } |
909 | 897 | ||
910 | int status = monitor_application(app_pid); // monitor application | 898 | int status = monitor_application(app_pid); // monitor application |
911 | #if 0 | 899 | flush_stdin(); |
912 | int fd = open("/dev/tty", O_RDWR); | 900 | |
913 | if (fd != -1) { | 901 | |
914 | ioctl(fd, TCFLSH, TCIFLUSH); | ||
915 | close(fd); | ||
916 | } else { | ||
917 | fprintf(stderr, "Warning: can't open /dev/tty, flushing stdin, stdout and stderr file descriptors instead\n"); | ||
918 | ioctl(0, TCFLSH, TCIFLUSH); | ||
919 | ioctl(1, TCFLSH, TCIFLUSH); | ||
920 | ioctl(2, TCFLSH, TCIFLUSH); | ||
921 | } | ||
922 | #endif | ||
923 | 902 | ||
924 | if (WIFEXITED(status)) { | 903 | if (WIFEXITED(status)) { |
925 | // if we had a proper exit, return that exit status | 904 | // if we had a proper exit, return that exit status |
diff --git a/src/firejail/util.c b/src/firejail/util.c index 5b407eaf5..7aa0ae0e8 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
@@ -26,6 +26,8 @@ | |||
26 | #include <errno.h> | 26 | #include <errno.h> |
27 | #include <dirent.h> | 27 | #include <dirent.h> |
28 | #include <grp.h> | 28 | #include <grp.h> |
29 | #include <sys/ioctl.h> | ||
30 | #include <termios.h> | ||
29 | 31 | ||
30 | #define MAX_GROUPS 1024 | 32 | #define MAX_GROUPS 1024 |
31 | // drop privileges | 33 | // drop privileges |
@@ -686,3 +688,16 @@ int remove_directory(const char *path) { | |||
686 | // FTW_PHYS - do not follow symbolic links | 688 | // FTW_PHYS - do not follow symbolic links |
687 | return nftw(path, remove_callback, 64, FTW_DEPTH | FTW_PHYS); | 689 | return nftw(path, remove_callback, 64, FTW_DEPTH | FTW_PHYS); |
688 | } | 690 | } |
691 | |||
692 | void flush_stdin(void) { | ||
693 | if (isatty(STDIN_FILENO)) { | ||
694 | int cnt = 0; | ||
695 | ioctl(STDIN_FILENO, FIONREAD, &cnt); | ||
696 | if (cnt) { | ||
697 | if (!arg_quiet) | ||
698 | printf("Warning: removing %d bytes from stdin\n", cnt); | ||
699 | ioctl(STDIN_FILENO, TCFLSH, TCIFLUSH); | ||
700 | } | ||
701 | } | ||
702 | } | ||
703 | |||