diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-10-27 10:16:07 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-10-27 10:16:07 -0400 |
| commit | 6144229605177764b7f3f3450c1a47f56595dc9e (patch) | |
| tree | abc7cff5e879aa7b03b67674e81cf0506dedd41c /src | |
| parent | Merge branch 'master' of https://github.com/netblue30/firejail (diff) | |
| download | firejail-6144229605177764b7f3f3450c1a47f56595dc9e.tar.gz firejail-6144229605177764b7f3f3450c1a47f56595dc9e.tar.zst firejail-6144229605177764b7f3f3450c1a47f56595dc9e.zip | |
security: overwrite /etc/resolv.conf
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/main.c | 8 | ||||
| -rw-r--r-- | src/firejail/util.c | 8 |
2 files changed, 15 insertions, 1 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index b5a97c71e..f41d5fcd3 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -1605,6 +1605,14 @@ int main(int argc, char **argv) { | |||
| 1605 | return 1; | 1605 | return 1; |
| 1606 | } | 1606 | } |
| 1607 | 1607 | ||
| 1608 | // don't allow "--chroot=/" | ||
| 1609 | char *rpath = realpath(cfg.chrootdir, NULL); | ||
| 1610 | if (rpath == NULL || strcmp(rpath, "/") == 0) { | ||
| 1611 | fprintf(stderr, "Error: invalid chroot directory\n"); | ||
| 1612 | exit(1); | ||
| 1613 | } | ||
| 1614 | free(rpath); | ||
| 1615 | |||
| 1608 | // check chroot directory structure | 1616 | // check chroot directory structure |
| 1609 | if (fs_check_chroot_dir(cfg.chrootdir)) { | 1617 | if (fs_check_chroot_dir(cfg.chrootdir)) { |
| 1610 | fprintf(stderr, "Error: invalid chroot\n"); | 1618 | fprintf(stderr, "Error: invalid chroot\n"); |
diff --git a/src/firejail/util.c b/src/firejail/util.c index f38b02fd0..4b2e09953 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
| @@ -171,11 +171,17 @@ void logerr(const char *msg) { | |||
| 171 | } | 171 | } |
| 172 | 172 | ||
| 173 | 173 | ||
| 174 | // return -1 if error, 0 if no error | 174 | // return -1 if error, 0 if no error; if destname already exists, return error |
| 175 | int copy_file(const char *srcname, const char *destname, uid_t uid, gid_t gid, mode_t mode) { | 175 | int copy_file(const char *srcname, const char *destname, uid_t uid, gid_t gid, mode_t mode) { |
| 176 | assert(srcname); | 176 | assert(srcname); |
| 177 | assert(destname); | 177 | assert(destname); |
| 178 | 178 | ||
| 179 | struct stat s; | ||
| 180 | if (stat(destname, &s) == 0) { | ||
| 181 | fprintf(stderr, "Error: file %s already exists\n", destname); | ||
| 182 | return -1; | ||
| 183 | } | ||
| 184 | |||
| 179 | // open source | 185 | // open source |
| 180 | int src = open(srcname, O_RDONLY); | 186 | int src = open(srcname, O_RDONLY); |
| 181 | if (src < 0) { | 187 | if (src < 0) { |