diff options
author | smitsohu <smitsohu@gmail.com> | 2021-10-18 17:36:49 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2021-10-18 17:36:49 +0200 |
commit | aadd5c92cd8c8dc6370b1e321ce6a7b77bb4b032 (patch) | |
tree | a73b73ad27af600e690d89c9dad74a8837bd7acb /src | |
parent | cleanup (diff) | |
download | firejail-aadd5c92cd8c8dc6370b1e321ce6a7b77bb4b032.tar.gz firejail-aadd5c92cd8c8dc6370b1e321ce6a7b77bb4b032.tar.zst firejail-aadd5c92cd8c8dc6370b1e321ce6a7b77bb4b032.zip |
readability
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/util.c | 72 |
2 files changed, 42 insertions, 31 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 5bebec185..13b7b9523 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -519,6 +519,7 @@ void touch_file_as_user(const char *fname, mode_t mode); | |||
519 | int is_dir(const char *fname); | 519 | int is_dir(const char *fname); |
520 | int is_link(const char *fname); | 520 | int is_link(const char *fname); |
521 | char *realpath_as_user(const char *fname); | 521 | char *realpath_as_user(const char *fname); |
522 | ssize_t readlink_as_user(const char *fname, char *buf, size_t sz); | ||
522 | int stat_as_user(const char *fname, struct stat *s); | 523 | int stat_as_user(const char *fname, struct stat *s); |
523 | int lstat_as_user(const char *fname, struct stat *s); | 524 | int lstat_as_user(const char *fname, struct stat *s); |
524 | void trim_trailing_slash_or_dot(char *path); | 525 | void trim_trailing_slash_or_dot(char *path); |
diff --git a/src/firejail/util.c b/src/firejail/util.c index 53c76db6d..55dcdc246 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
@@ -484,13 +484,6 @@ int is_link(const char *fname) { | |||
484 | if (*fname == '\0') | 484 | if (*fname == '\0') |
485 | return 0; | 485 | return 0; |
486 | 486 | ||
487 | int called_as_root = 0; | ||
488 | if (geteuid() == 0) | ||
489 | called_as_root = 1; | ||
490 | |||
491 | if (called_as_root) | ||
492 | EUID_USER(); | ||
493 | |||
494 | // remove trailing '/' if any | 487 | // remove trailing '/' if any |
495 | char *tmp = strdup(fname); | 488 | char *tmp = strdup(fname); |
496 | if (!tmp) | 489 | if (!tmp) |
@@ -498,12 +491,9 @@ int is_link(const char *fname) { | |||
498 | trim_trailing_slash_or_dot(tmp); | 491 | trim_trailing_slash_or_dot(tmp); |
499 | 492 | ||
500 | char c; | 493 | char c; |
501 | ssize_t rv = readlink(tmp, &c, 1); | 494 | ssize_t rv = readlink_as_user(tmp, &c, 1); |
502 | free(tmp); | 495 | free(tmp); |
503 | 496 | ||
504 | if (called_as_root) | ||
505 | EUID_ROOT(); | ||
506 | |||
507 | return (rv != -1); | 497 | return (rv != -1); |
508 | } | 498 | } |
509 | 499 | ||
@@ -525,6 +515,24 @@ char *realpath_as_user(const char *fname) { | |||
525 | return rv; | 515 | return rv; |
526 | } | 516 | } |
527 | 517 | ||
518 | ssize_t readlink_as_user(const char *fname, char *buf, size_t sz) { | ||
519 | assert(fname && buf && sz); | ||
520 | |||
521 | int called_as_root = 0; | ||
522 | if (geteuid() == 0) | ||
523 | called_as_root = 1; | ||
524 | |||
525 | if (called_as_root) | ||
526 | EUID_USER(); | ||
527 | |||
528 | ssize_t rv = readlink(fname, buf, sz); | ||
529 | |||
530 | if (called_as_root) | ||
531 | EUID_ROOT(); | ||
532 | |||
533 | return rv; | ||
534 | } | ||
535 | |||
528 | int stat_as_user(const char *fname, struct stat *s) { | 536 | int stat_as_user(const char *fname, struct stat *s) { |
529 | assert(fname); | 537 | assert(fname); |
530 | 538 | ||
@@ -997,31 +1005,33 @@ int create_empty_dir_as_user(const char *dir, mode_t mode) { | |||
997 | assert(dir); | 1005 | assert(dir); |
998 | mode &= 07777; | 1006 | mode &= 07777; |
999 | 1007 | ||
1000 | if (access(dir, F_OK) != 0) { | 1008 | if (access(dir, F_OK) == 0) |
1009 | return 0; | ||
1010 | |||
1011 | pid_t child = fork(); | ||
1012 | if (child < 0) | ||
1013 | errExit("fork"); | ||
1014 | if (child == 0) { | ||
1015 | // drop privileges | ||
1016 | drop_privs(0); | ||
1017 | |||
1001 | if (arg_debug) | 1018 | if (arg_debug) |
1002 | printf("Creating empty %s directory\n", dir); | 1019 | printf("Creating empty %s directory\n", dir); |
1003 | pid_t child = fork(); | 1020 | if (mkdir(dir, mode) == 0) { |
1004 | if (child < 0) | 1021 | int err = chmod(dir, mode); |
1005 | errExit("fork"); | 1022 | (void) err; |
1006 | if (child == 0) { | 1023 | } |
1007 | // drop privileges | 1024 | else if (arg_debug) |
1008 | drop_privs(0); | 1025 | printf("Directory %s not created: %s\n", dir, strerror(errno)); |
1009 | |||
1010 | if (mkdir(dir, mode) == 0) { | ||
1011 | int err = chmod(dir, mode); | ||
1012 | (void) err; | ||
1013 | } | ||
1014 | else if (arg_debug) | ||
1015 | printf("Directory %s not created: %s\n", dir, strerror(errno)); | ||
1016 | 1026 | ||
1017 | __gcov_flush(); | 1027 | __gcov_flush(); |
1018 | 1028 | ||
1019 | _exit(0); | 1029 | _exit(0); |
1020 | } | ||
1021 | waitpid(child, NULL, 0); | ||
1022 | if (access(dir, F_OK) == 0) | ||
1023 | return 1; | ||
1024 | } | 1030 | } |
1031 | waitpid(child, NULL, 0); | ||
1032 | |||
1033 | if (access(dir, F_OK) == 0) | ||
1034 | return 1; | ||
1025 | return 0; | 1035 | return 0; |
1026 | } | 1036 | } |
1027 | 1037 | ||