diff options
author | netblue30 <netblue30@yahoo.com> | 2016-07-29 09:37:51 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-07-29 09:37:51 -0400 |
commit | bdcb2be80f78082650283e13fcb9a90d75e02eba (patch) | |
tree | 16c5acb08efa77aa9bc78e55bad4b2fd93254f30 /src | |
parent | fix Makefile.in (diff) | |
download | firejail-bdcb2be80f78082650283e13fcb9a90d75e02eba.tar.gz firejail-bdcb2be80f78082650283e13fcb9a90d75e02eba.tar.zst firejail-bdcb2be80f78082650283e13fcb9a90d75e02eba.zip |
using UID_MIN/GID_MIN values from /etc/login.def
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/restrict_users.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/src/firejail/restrict_users.c b/src/firejail/restrict_users.c index 5a41c441b..de798037f 100644 --- a/src/firejail/restrict_users.c +++ b/src/firejail/restrict_users.c | |||
@@ -26,6 +26,7 @@ | |||
26 | #include <dirent.h> | 26 | #include <dirent.h> |
27 | #include <fcntl.h> | 27 | #include <fcntl.h> |
28 | #include <errno.h> | 28 | #include <errno.h> |
29 | #include "../../uids.h" | ||
29 | 30 | ||
30 | #define MAXBUF 1024 | 31 | #define MAXBUF 1024 |
31 | 32 | ||
@@ -118,7 +119,7 @@ static void sanitize_passwd(void) { | |||
118 | if (stat("/etc/passwd", &s) == -1) | 119 | if (stat("/etc/passwd", &s) == -1) |
119 | return; | 120 | return; |
120 | if (arg_debug) | 121 | if (arg_debug) |
121 | printf("Sanitizing /etc/passwd\n"); | 122 | printf("Sanitizing /etc/passwd, UID_MIN %d\n", UID_MIN); |
122 | if (is_link("/etc/passwd")) { | 123 | if (is_link("/etc/passwd")) { |
123 | fprintf(stderr, "Error: invalid /etc/passwd\n"); | 124 | fprintf(stderr, "Error: invalid /etc/passwd\n"); |
124 | exit(1); | 125 | exit(1); |
@@ -170,7 +171,7 @@ static void sanitize_passwd(void) { | |||
170 | int rv = sscanf(ptr, "%d:", &uid); | 171 | int rv = sscanf(ptr, "%d:", &uid); |
171 | if (rv == 0 || uid < 0) | 172 | if (rv == 0 || uid < 0) |
172 | goto errout; | 173 | goto errout; |
173 | if (uid < 1000) { // todo extract UID_MIN from /etc/login.def | 174 | if (uid < UID_MIN) { |
174 | fprintf(fpout, "%s", buf); | 175 | fprintf(fpout, "%s", buf); |
175 | continue; | 176 | continue; |
176 | } | 177 | } |
@@ -255,7 +256,7 @@ static void sanitize_group(void) { | |||
255 | if (stat("/etc/group", &s) == -1) | 256 | if (stat("/etc/group", &s) == -1) |
256 | return; | 257 | return; |
257 | if (arg_debug) | 258 | if (arg_debug) |
258 | printf("Sanitizing /etc/group\n"); | 259 | printf("Sanitizing /etc/group, GID_MIN %d\n", GID_MIN); |
259 | if (is_link("/etc/group")) { | 260 | if (is_link("/etc/group")) { |
260 | fprintf(stderr, "Error: invalid /etc/group\n"); | 261 | fprintf(stderr, "Error: invalid /etc/group\n"); |
261 | exit(1); | 262 | exit(1); |
@@ -306,7 +307,7 @@ static void sanitize_group(void) { | |||
306 | int rv = sscanf(ptr, "%d:", &gid); | 307 | int rv = sscanf(ptr, "%d:", &gid); |
307 | if (rv == 0 || gid < 0) | 308 | if (rv == 0 || gid < 0) |
308 | goto errout; | 309 | goto errout; |
309 | if (gid < 1000) { // todo extract GID_MIN from /etc/login.def | 310 | if (gid < GID_MIN) { |
310 | if (copy_line(fpout, buf, ptr)) | 311 | if (copy_line(fpout, buf, ptr)) |
311 | goto errout; | 312 | goto errout; |
312 | continue; | 313 | continue; |