diff options
| author |  smitsohu <smitsohu@gmail.com> | 2018-08-28 20:50:27 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2018-08-28 20:50:27 +0200 |
| commit | 0c2cbf05aa9553fbf5c90fb69928f2b276fead8b (patch) | |
| tree | 37997aeab316facdc31aa1191d8f269fad512128 /src | |
| parent | fix private-tmp and private-dev in fbuilder (diff) | |
| download | firejail-0c2cbf05aa9553fbf5c90fb69928f2b276fead8b.tar.gz firejail-0c2cbf05aa9553fbf5c90fb69928f2b276fead8b.tar.zst firejail-0c2cbf05aa9553fbf5c90fb69928f2b276fead8b.zip | |
improve --chroot directory check
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/main.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index b3a8dcfd7..3690dee87 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -1506,9 +1506,14 @@ int main(int argc, char **argv) { | |||
| 1506 | return 1; | 1506 | return 1; |
| 1507 | } | 1507 | } |
| 1508 | 1508 | ||
| 1509 | // don't allow "--chroot=/" | ||
| 1510 | char *rpath = realpath(cfg.chrootdir, NULL); | 1509 | char *rpath = realpath(cfg.chrootdir, NULL); |
| 1511 | if (rpath == NULL || strcmp(rpath, "/") == 0) { | 1510 | if (rpath == NULL) { |
| 1511 | fprintf(stderr, "Error: invalid chroot directory\n"); | ||
| 1512 | exit(1); | ||
| 1513 | } | ||
| 1514 | // don't allow "--chroot=/" | ||
| 1515 | trim_trailing_slash_or_dot(rpath); | ||
| 1516 | if (strcmp(rpath, "/") == 0) { | ||
| 1512 | fprintf(stderr, "Error: invalid chroot directory\n"); | 1517 | fprintf(stderr, "Error: invalid chroot directory\n"); |
| 1513 | exit(1); | 1518 | exit(1); |
| 1514 | } | 1519 | } |