author | smitsohu <smitsohu@gmail.com> | 2019-08-07 15:41:18 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2019-08-07 15:41:18 +0200 |
commit | 824b42f988f992756f1bc6d54e30fa1ce58e059d (patch) | |
tree | 1dedb05b7840a31b1e7a4f3a31d970ff311fec3b /src | |
parent | update gitignore (diff) | |
private home: don't create unused temporary files
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs_home.c | 53 |
1 files changed, 32 insertions, 21 deletions
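--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -111,16 +111,8 @@ static void skel(const char *homedir, uid_t u, gid_t g) {
 
 static int store_xauthority(void) {
 // put a copy of .Xauthority in XAUTHORITY_FILE
-char *src;
 char *dest = RUN_XAUTHORITY_FILE;
-// create an empty file as root, and change ownership to user
-FILE *fp = fopen(dest, "w");
-if (fp) {
-fprintf(fp, "\n");
-SET_PERMS_STREAM(fp, getuid(), getgid(), 0600);
-fclose(fp);
-}
-
+char *src;
 if (asprintf(&src, "%s/.Xauthority", cfg.homedir) == -1)
 errExit("asprintf");
 
@@ -128,29 +120,34 @@ static int store_xauthority(void) {
 if (stat(src, &s) == 0) {
 if (is_link(src)) {
 fwarning("invalid .Xauthority file\n");
+free(src);
 return 0;
 }
 
+// create an empty file as root, and change ownership to user
+FILE *fp = fopen(dest, "w");
+if (fp) {
+fprintf(fp, "\n");
+SET_PERMS_STREAM(fp, getuid(), getgid(), 0600);
+fclose(fp);
+}
+else
+errExit("fopen");
+
 copy_file_as_user(src, dest, getuid(), getgid(), 0600); // regular user
 fs_logger2("clone", dest);
+free(src);
 return 1; // file copied
 }
 
+free(src);
 return 0;
 }
 
 static int store_asoundrc(void) {
-// put a copy of .Xauthority in XAUTHORITY_FILE
-char *src;
+// put a copy of .asoundrc in ASOUNDRC_FILE
 char *dest = RUN_ASOUNDRC_FILE;
-// create an empty file as root, and change ownership to user
-FILE *fp = fopen(dest, "w");
-if (fp) {
-fprintf(fp, "\n");
-SET_PERMS_STREAM(fp, getuid(), getgid(), 0644);
-fclose(fp);
-}
-
+char *src;
 if (asprintf(&src, "%s/.asoundrc", cfg.homedir) == -1)
 errExit("asprintf");
 
@@ -164,18 +161,30 @@ static int store_asoundrc(void) {
 fprintf(stderr, "Error: Cannot access %s\n", src);
 exit(1);
 }
-if (strncmp(rp, cfg.homedir, strlen(cfg.homedir)) != 0) {
+if (strncmp(rp, cfg.homedir, strlen(cfg.homedir)) != 0 || rp[strlen(cfg.homedir)] != '/') {
 fprintf(stderr, "Error: .asoundrc is a symbolic link pointing to a file outside home directory\n");
 exit(1);
 }
 free(rp);
 }
 
+// create an empty file as root, and change ownership to user
+FILE *fp = fopen(dest, "w");
+if (fp) {
+fprintf(fp, "\n");
+SET_PERMS_STREAM(fp, getuid(), getgid(), 0644);
+fclose(fp);
+}
+else
+errExit("fopen");
+
 copy_file_as_user(src, dest, getuid(), getgid(), 0644); // regular user
 fs_logger2("clone", dest);
+free(src);
 return 1; // file copied
 }
 
+free(src);
 return 0;
 }
 
@@ -194,13 +203,14 @@ static void copy_xauthority(void) {
 
 copy_file_as_user(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR); // regular user
 fs_logger2("clone", dest);
+free(dest);
 
 // delete the temporary file
 unlink(src);
 }
 
 static void copy_asoundrc(void) {
-// copy XAUTHORITY_FILE in the new home directory
+// copy ASOUNDRC_FILE in the new home directory
 char *src = RUN_ASOUNDRC_FILE ;
 char *dest;
 if (asprintf(&dest, "%s/.asoundrc", cfg.homedir) == -1)
@@ -214,6 +224,7 @@ static void copy_asoundrc(void) {
 
 copy_file_as_user(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR); // regular user
 fs_logger2("clone", dest);
+free(dest);
 
 // delete the temporary file
 unlink(src);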
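Review bot: The tightened test in store_asoundrc, `strncmp(rp, cfg.homedir, strlen(cfg.homedir)) != 0 || rp[strlen(cfg.homedir)] != '/'`, is only correct if cfg.homedir is stored canonical and without a trailing slash, and nothing in this section shows that; with a trailing slash the byte at that index is the first character of the next path component and every target inside the home directory would be refused. I would state the assumption next to the check, e.g. `// rp must lie strictly below homedir; a bare prefix match also accepts siblings such as "<homedir>-x" (homedir: no trailing '/')`. The check is made on rp (presumably the resolved target, assigned above the hunk) while copy_file_as_user() later reopens src, so the link can be repointed in between; the copy seems to run with the caller's uid/gid, which would limit the effect to files that user can read anyway, but that helper is outside the diff. Separately, the relocated `fopen(dest, "w")` blocks in store_xauthority and store_asoundrc now abort on failure but still ignore the results of `fprintf` and `fclose`.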