diff options
author | Topi Miettinen <toiwoton@gmail.com> | 2020-10-15 23:28:32 +0300 |
---|---|---|
committer | Topi Miettinen <toiwoton@gmail.com> | 2020-10-16 21:54:04 +0300 |
commit | aabd38f4972de076354991ffda4f5ce5b7f59d7e (patch) | |
tree | c0595e81b9c870012ce9084f16ab0dc7d674318a /src | |
parent | Merge pull request #3672 from hlein/fix-py-shebang (diff) | |
download | firejail-aabd38f4972de076354991ffda4f5ce5b7f59d7e.tar.gz firejail-aabd38f4972de076354991ffda4f5ce5b7f59d7e.tar.zst firejail-aabd38f4972de076354991ffda4f5ce5b7f59d7e.zip |
Apply --rmenv immediately to help to avoid the env var length check
Remove environment variables with --rmenv immediately. This fixes
removing long environment variables (LS_COLORS generated by vivid),
previously the length filter would trip before the command was
processed.
This changes user visible behavior slightly, for example --rmenv=LANG
now applies also to Firejail, while earlier it would only apply to
sandboxed program.
Partially fixes #3673, but not handling `rmenv` in profiles.
Also suggest --rmenv when there are problems with enviroment
variables.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/main.c | 8 | ||||
-rw-r--r-- | src/firejail/profile.c | 1 |
2 files changed, 7 insertions, 2 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index 06f81a987..0d67c2a64 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -1004,17 +1004,21 @@ int main(int argc, char **argv, char **envp) { | |||
1004 | fprintf(stderr, "Error: too long arguments\n"); | 1004 | fprintf(stderr, "Error: too long arguments\n"); |
1005 | exit(1); | 1005 | exit(1); |
1006 | } | 1006 | } |
1007 | // Also remove requested environment variables | ||
1008 | // entirely to avoid tripping the length check below | ||
1009 | if (strncmp(argv[i], "--rmenv=", 8) == 0) | ||
1010 | unsetenv(argv[i] + 8); | ||
1007 | } | 1011 | } |
1008 | 1012 | ||
1009 | // sanity check for environment variables | 1013 | // sanity check for environment variables |
1010 | for (i = 0, ptr = envp; ptr && *ptr && i < MAX_ENVS; i++, ptr++) { | 1014 | for (i = 0, ptr = envp; ptr && *ptr && i < MAX_ENVS; i++, ptr++) { |
1011 | if (strlen(*ptr) >= MAX_ENV_LEN) { | 1015 | if (strlen(*ptr) >= MAX_ENV_LEN) { |
1012 | fprintf(stderr, "Error: too long environment variables\n"); | 1016 | fprintf(stderr, "Error: too long environment variables, please use --rmenv\n"); |
1013 | exit(1); | 1017 | exit(1); |
1014 | } | 1018 | } |
1015 | } | 1019 | } |
1016 | if (i >= MAX_ENVS) { | 1020 | if (i >= MAX_ENVS) { |
1017 | fprintf(stderr, "Error: too many environment variables\n"); | 1021 | fprintf(stderr, "Error: too many environment variables, please use --rmenv\n"); |
1018 | exit(1); | 1022 | exit(1); |
1019 | } | 1023 | } |
1020 | 1024 | ||
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 8c29fe81c..ed736521a 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -912,6 +912,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
912 | return 0; | 912 | return 0; |
913 | } | 913 | } |
914 | if (strncmp(ptr, "rmenv ", 6) == 0) { | 914 | if (strncmp(ptr, "rmenv ", 6) == 0) { |
915 | unsetenv(ptr + 6); // Remove also immediately from Firejail itself | ||
915 | env_store(ptr + 6, RMENV); | 916 | env_store(ptr + 6, RMENV); |
916 | return 0; | 917 | return 0; |
917 | } | 918 | } |