author | netblue30 <netblue30@yahoo.com> | 2017-03-04 07:53:54 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-03-04 07:53:54 -0500 |
commit | 791aa95dcdf92a3be0af13ae4ef25d260ecfcb75 (patch) | |
tree | 5b822f8494c403667f84814058be3c746b294bdd /src | |
parent | testing (diff) | |
--output enhancement
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/output.c | 66 |
1 files changed, 30 insertions, 36 deletions
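--- a/src/firejail/output.c
+++ b/src/firejail/output.c
@@ -26,50 +26,45 @@ void check_output(int argc, char **argv) {
 EUID_ASSERT();
 
 int i;
-char *outfile = NULL;
+int outindex = 0;
 
-int found = 0;
 for (i = 1; i < argc; i++) {
 if (strncmp(argv[i], "--output=", 9) == 0) {
-found = 1;
-invalid_filename(argv[i] + 9);
-outfile = argv[i] + 9;
-
-// do not accept directories, links, and files with ".."
-if (strstr(outfile, "..") || is_link(outfile) || is_dir(outfile)) {
-fprintf(stderr, "Error: invalid output file. Links, directories and files with \"..\" are not allowed.\n");
-exit(1);
-}
-
-struct stat s;
-if (stat(outfile, &s) == 0) {
-// check permissions
-if (s.st_uid != getuid() || s.st_gid != getgid()) {
-fprintf(stderr, "Error: the output file needs to be owned by the current user.\n");
-exit(1);
-}
-
-// check hard links
-if (s.st_nlink != 1) {
-fprintf(stderr, "Error: no hard links allowed.\n");
-exit(1);
-}
-}
-
-/* coverity[toctou] */
-FILE *fp = fopen(outfile, "a");
-if (!fp) {
-fprintf(stderr, "Error: cannot open output file %s\n", outfile);
-exit(1);
-}
-fclose(fp);
+outindex = i;
 break;
 }
 }
-if (!found)
+if (!outindex)
 return;
 
 
+// check filename
+drop_privs(0);
+char *outfile = NULL;
+invalid_filename(argv[outindex] + 9);
+outfile = argv[outindex] + 9;
+
+// do not accept directories, links, and files with ".."
+if (strstr(outfile, "..") || is_link(outfile) || is_dir(outfile)) {
+fprintf(stderr, "Error: invalid output file. Links, directories and files with \"..\" are not allowed.\n");
+exit(1);
+}
+
+struct stat s;
+if (stat(outfile, &s) == 0) {
+// check permissions
+if (s.st_uid != getuid() || s.st_gid != getgid()) {
+fprintf(stderr, "Error: the output file needs to be owned by the current user.\n");
+exit(1);
+}
+
+// check hard links
+if (s.st_nlink != 1) {
+fprintf(stderr, "Error: no hard links allowed.\n");
+exit(1);
+}
+}
+
 // build the new command line
 int len = 0;
 for (i = 0; i < argc; i++) {
@@ -90,7 +85,6 @@ void check_output(int argc, char **argv) {
 sprintf(ptr, "2>&1 | %s/firejail/ftee %s", LIBDIR, outfile);
 
 // run command
-drop_privs(0);
 char *a[4];
 a[0] = "/bin/bash";
 a[1] = "-c";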
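Review bot: The link, ownership and hard-link checks at new lines 47–66 validate a path name rather than an open file, and the file is only opened later, by name, when `ftee` runs from the `/bin/bash -c` string built in the second hunk, so the checked file and the written file can differ if the path is replaced in between. Running the checks after `drop_privs(0)` limits what that gap is worth, but I would still document it above the `stat()` call with `// advisory only: ftee reopens this path by name and must repeat the link/ownership checks on the descriptor it opens`; whether `ftee` does so is not visible on this page. Separately, `outfile` is formatted unquoted into the shell command at new line 85, so that line relies entirely on `invalid_filename()` rejecting whitespace and shell metacharacters, which is also defined outside this page and worth a one-line comment there. `check_output` begins before the first hunk and continues past the second.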