diff options
author | netblue30 <netblue30@yahoo.com> | 2016-10-27 10:16:07 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-10-27 10:16:07 -0400 |
commit | 6144229605177764b7f3f3450c1a47f56595dc9e (patch) | |
tree | abc7cff5e879aa7b03b67674e81cf0506dedd41c /src | |
parent | Merge branch 'master' of https://github.com/netblue30/firejail (diff) | |
download | firejail-6144229605177764b7f3f3450c1a47f56595dc9e.tar.gz firejail-6144229605177764b7f3f3450c1a47f56595dc9e.tar.zst firejail-6144229605177764b7f3f3450c1a47f56595dc9e.zip |
security: overwrite /etc/resolv.conf
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/main.c | 8 | ||||
-rw-r--r-- | src/firejail/util.c | 8 |
2 files changed, 15 insertions, 1 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index b5a97c71e..f41d5fcd3 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -1605,6 +1605,14 @@ int main(int argc, char **argv) { | |||
1605 | return 1; | 1605 | return 1; |
1606 | } | 1606 | } |
1607 | 1607 | ||
1608 | // don't allow "--chroot=/" | ||
1609 | char *rpath = realpath(cfg.chrootdir, NULL); | ||
1610 | if (rpath == NULL || strcmp(rpath, "/") == 0) { | ||
1611 | fprintf(stderr, "Error: invalid chroot directory\n"); | ||
1612 | exit(1); | ||
1613 | } | ||
1614 | free(rpath); | ||
1615 | |||
1608 | // check chroot directory structure | 1616 | // check chroot directory structure |
1609 | if (fs_check_chroot_dir(cfg.chrootdir)) { | 1617 | if (fs_check_chroot_dir(cfg.chrootdir)) { |
1610 | fprintf(stderr, "Error: invalid chroot\n"); | 1618 | fprintf(stderr, "Error: invalid chroot\n"); |
diff --git a/src/firejail/util.c b/src/firejail/util.c index f38b02fd0..4b2e09953 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
@@ -171,11 +171,17 @@ void logerr(const char *msg) { | |||
171 | } | 171 | } |
172 | 172 | ||
173 | 173 | ||
174 | // return -1 if error, 0 if no error | 174 | // return -1 if error, 0 if no error; if destname already exists, return error |
175 | int copy_file(const char *srcname, const char *destname, uid_t uid, gid_t gid, mode_t mode) { | 175 | int copy_file(const char *srcname, const char *destname, uid_t uid, gid_t gid, mode_t mode) { |
176 | assert(srcname); | 176 | assert(srcname); |
177 | assert(destname); | 177 | assert(destname); |
178 | 178 | ||
179 | struct stat s; | ||
180 | if (stat(destname, &s) == 0) { | ||
181 | fprintf(stderr, "Error: file %s already exists\n", destname); | ||
182 | return -1; | ||
183 | } | ||
184 | |||
179 | // open source | 185 | // open source |
180 | int src = open(srcname, O_RDONLY); | 186 | int src = open(srcname, O_RDONLY); |
181 | if (src < 0) { | 187 | if (src < 0) { |