diff options
| author |  netblue30 <netblue30@yahoo.com> | 2015-11-19 16:20:53 -0500 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2015-11-19 16:20:53 -0500 |
| commit | 2249adbb29ec0c00c5603bfe1a58db14ca0ed6cf (patch) | |
| tree | abf80fce25d31c5d88e001fcc65ec3c501528727 /src | |
| parent | prevent leaking user information by modifying /home directory, /etc/passwd an... (diff) | |
| download | firejail-2249adbb29ec0c00c5603bfe1a58db14ca0ed6cf.tar.gz firejail-2249adbb29ec0c00c5603bfe1a58db14ca0ed6cf.tar.zst firejail-2249adbb29ec0c00c5603bfe1a58db14ca0ed6cf.zip | |
fix directory ownership for --whitelist command
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/fs_whitelist.c | 24 |
1 files changed, 19 insertions, 5 deletions
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index b081752f4..fccb82735 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c | |||
| @@ -27,14 +27,25 @@ | |||
| 27 | #include <fcntl.h> | 27 | #include <fcntl.h> |
| 28 | #include <errno.h> | 28 | #include <errno.h> |
| 29 | 29 | ||
| 30 | static int mkpath(const char* path, mode_t mode) { | 30 | static int mkpath(const char* path) { |
| 31 | assert(path && *path); | 31 | assert(path && *path); |
| 32 | 32 | ||
| 33 | // create directories with a 0755 mode | ||
| 34 | mode_t mode = 0755; | ||
| 35 | |||
| 36 | // create directories with uid/gid as root or as current user if inside home directory | ||
| 37 | uid_t uid = getuid(); | ||
| 38 | gid_t gid = getgid(); | ||
| 39 | if (strncmp(path, cfg.homedir, strlen(cfg.homedir)) != 0) { | ||
| 40 | uid = 0; | ||
| 41 | gid = 0; | ||
| 42 | } | ||
| 43 | |||
| 33 | // work on a copy of the path | 44 | // work on a copy of the path |
| 34 | char *file_path = strdup(path); | 45 | char *file_path = strdup(path); |
| 35 | if (!file_path) | 46 | if (!file_path) |
| 36 | errExit("strdup"); | 47 | errExit("strdup"); |
| 37 | 48 | ||
| 38 | char* p; | 49 | char* p; |
| 39 | for (p=strchr(file_path+1, '/'); p; p=strchr(p+1, '/')) { | 50 | for (p=strchr(file_path+1, '/'); p; p=strchr(p+1, '/')) { |
| 40 | *p='\0'; | 51 | *p='\0'; |
| @@ -46,7 +57,10 @@ static int mkpath(const char* path, mode_t mode) { | |||
| 46 | } | 57 | } |
| 47 | } | 58 | } |
| 48 | else { | 59 | else { |
| 49 | // TODO: set correct directory mode and properties | 60 | if (chmod(file_path, mode) == -1) |
| 61 | errExit("chmod"); | ||
| 62 | if (chown(file_path, uid, gid) == -1) | ||
| 63 | errExit("chown"); | ||
| 50 | } | 64 | } |
| 51 | 65 | ||
| 52 | *p='/'; | 66 | *p='/'; |
| @@ -128,7 +142,7 @@ static void whitelist_path(ProfileEntry *entry) { | |||
| 128 | } | 142 | } |
| 129 | 143 | ||
| 130 | // create the path if necessary | 144 | // create the path if necessary |
| 131 | mkpath(path, 0755); | 145 | mkpath(path); |
| 132 | 146 | ||
| 133 | // process directory | 147 | // process directory |
| 134 | if (S_ISDIR(s.st_mode)) { | 148 | if (S_ISDIR(s.st_mode)) { |
| @@ -403,7 +417,7 @@ void fs_whitelist(void) { | |||
| 403 | struct stat s; | 417 | struct stat s; |
| 404 | if (stat(entry->link, &s) != 0) { | 418 | if (stat(entry->link, &s) != 0) { |
| 405 | // create the path if necessary | 419 | // create the path if necessary |
| 406 | mkpath(entry->link, 0755); | 420 | mkpath(entry->link); |
| 407 | 421 | ||
| 408 | int rv = symlink(entry->data + 10, entry->link); | 422 | int rv = symlink(entry->data + 10, entry->link); |
| 409 | if (rv) | 423 | if (rv) |