author | netblue30 <netblue30@yahoo.com> | 2016-03-12 12:35:06 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-03-12 12:35:06 -0500 |
commit | d1a90d0ceb9743e0ce4d41d36189ec9ae9cf20b3 (patch) | |
tree | 9bece5754be5922c4cb55073329c73f09a386095 /src | |
parent | added firejail.config (diff) | |
file transfer fixes
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/firejail.h | 7 | ||||
-rw-r--r-- | src/firejail/main.c | 90 |
2 files changed, 57 insertions, 40 deletions
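--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -535,7 +535,12 @@ int x11_check_xpra(void);
 #define SANDBOX_FS_LS 0
 #define SANDBOX_FS_GET 1
 void sandboxfs_name(int op, const char *name, const char *path);
-void sandboxfs(int op, pid_t pid, const char *path);
+void sandboxfs(int op, pid_t pid, const char *patqh);
+
+// checkcfg.c
+#define CFG_FILE_TRANSFER 0
+#define CFG_MAX 1 // this should always be the last entry
+int checkcfg(int val);
 
 #endif
 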
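Review bot: The `sandboxfs` prototype now names its last parameter `patqh`, which looks like a stray keystroke rather than an intended rename. The declaration still compiles, but it no longer matches the `path` used by `sandboxfs_name` on the line above, so restore `void sandboxfs(int op, pid_t pid, const char *path);`. The new `checkcfg` declaration would also benefit from a one-line contract comment, for example `// returns non-zero when feature val (a CFG_* index below CFG_MAX) is enabled`, worded to match what checkcfg.c actually does, since that file is not part of this diff.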
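--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -429,52 +429,64 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
 exit(0);
 }
 #endif
-#ifndef HAVE_FILE_TRANSFER
+#ifdef HAVE_FILE_TRANSFER
 else if (strncmp(argv[i], "--get=", 6) == 0) {
-logargs(argc, argv);
-
-// verify path
-if ((i + 2) != argc) {
-fprintf(stderr, "Error: invalid --get option, path expected\n");
+if (checkcfg(CFG_FILE_TRANSFER)) {
+logargs(argc, argv);
+
+// verify path
+if ((i + 2) != argc) {
+fprintf(stderr, "Error: invalid --get option, path expected\n");
+exit(1);
+}
+char *path = argv[i + 1];
+invalid_filename(path);
+if (strstr(path, "..")) {
+fprintf(stderr, "Error: invalid file name %s\n", path);
+exit(1);
+}
+
+// get file
+pid_t pid;
+if (read_pid(argv[i] + 6, &pid) == 0)
+sandboxfs(SANDBOX_FS_GET, pid, path);
+else
+sandboxfs_name(SANDBOX_FS_GET, argv[i] + 6, path);
+exit(0);
+}
+else {
+fprintf(stderr, "Error: this feature is disabled in Firejail configuration file\n");
 exit(1);
 }
-char *path = argv[i + 1];
-invalid_filename(path);
-if (strstr(path, "..")) {
-fprintf(stderr, "Error: invalid file name %s\n", path);
-exit(1);
-}
-
-// get file
-pid_t pid;
-if (read_pid(argv[i] + 6, &pid) == 0)
-sandboxfs(SANDBOX_FS_GET, pid, path);
-else
-sandboxfs_name(SANDBOX_FS_GET, argv[i] + 6, path);
-exit(0);
 }
 else if (strncmp(argv[i], "--ls=", 5) == 0) {
-logargs(argc, argv);
-
-// verify path
-if ((i + 2) != argc) {
-fprintf(stderr, "Error: invalid --ls option, path expected\n");
+if (checkcfg(CFG_FILE_TRANSFER)) {
+logargs(argc, argv);
+
+// verify path
+if ((i + 2) != argc) {
+fprintf(stderr, "Error: invalid --ls option, path expected\n");
+exit(1);
+}
+char *path = argv[i + 1];
+invalid_filename(path);
+if (strstr(path, "..")) {
+fprintf(stderr, "Error: invalid file name %s\n", path);
+exit(1);
+}
+
+// list directory contents
+pid_t pid;
+if (read_pid(argv[i] + 5, &pid) == 0)
+sandboxfs(SANDBOX_FS_LS, pid, path);
+else
+sandboxfs_name(SANDBOX_FS_LS, argv[i] + 5, path);
+exit(0);
+}
+else {
+fprintf(stderr, "Error: this feature is disabled in Firejail configuration file\n");
 exit(1);
 }
-char *path = argv[i + 1];
-invalid_filename(path);
-if (strstr(path, "..")) {
-fprintf(stderr, "Error: invalid file name %s\n", path);
-exit(1);
-}
-
-// list directory contents
-pid_t pid;
-if (read_pid(argv[i] + 5, &pid) == 0)
-sandboxfs(SANDBOX_FS_LS, pid, path);
-else
-sandboxfs_name(SANDBOX_FS_LS, argv[i] + 5, path);
-exit(0);
 }
 #endif
 else if (strncmp(argv[i], "--join=", 7) == 0) {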
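Review bot: A refused `--get=` or `--ls=` request is never passed to `logargs(argc, argv)`, because in both handlers the call now sits inside the `if (checkcfg(CFG_FILE_TRANSFER)) {` branch while the `else` branch only prints an error and exits. If logargs is what records the command line for auditing (its body is not visible here), attempts to use file transfer on a host where it is disabled leave no trace. Placing `logargs(argc, argv);` before the `checkcfg` test in both handlers keeps those attempts visible. The two handlers also remain copies of each other apart from the option length and the SANDBOX_FS_* constant, and the `else` message does not say which option was refused. run_cmd_and_exit begins before this hunk and continues after it.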