diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-08-15 09:44:54 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-08-15 09:44:54 -0400 |
| commit | 00258a8e5c1f31b60020302cf1560cd0d13260ad (patch) | |
| tree | 33be5b6e5bc17b6d2a0550a5197708110bd49f91 /src | |
| parent | more ssh fixes (diff) | |
| download | firejail-00258a8e5c1f31b60020302cf1560cd0d13260ad.tar.gz firejail-00258a8e5c1f31b60020302cf1560cd0d13260ad.tar.zst firejail-00258a8e5c1f31b60020302cf1560cd0d13260ad.zip | |
removed prompt, ssh fixes
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/env.c | 4 | ||||
| -rw-r--r-- | src/firejail/firejail.h | 2 | ||||
| -rw-r--r-- | src/firejail/main.c | 63 | ||||
| -rw-r--r-- | src/firejail/restricted_shell.c | 24 |
4 files changed, 73 insertions, 20 deletions
diff --git a/src/firejail/env.c b/src/firejail/env.c index 328b19c5b..c05abadca 100644 --- a/src/firejail/env.c +++ b/src/firejail/env.c | |||
| @@ -125,8 +125,8 @@ void env_defaults(void) { | |||
| 125 | errExit("setenv"); | 125 | errExit("setenv"); |
| 126 | // set prompt color to green | 126 | // set prompt color to green |
| 127 | //export PS1='\[\e[1;32m\][\u@\h \W]\$\[\e[0m\] ' | 127 | //export PS1='\[\e[1;32m\][\u@\h \W]\$\[\e[0m\] ' |
| 128 | if (setenv("PROMPT_COMMAND", "export PS1=\"\\[\\e[1;32m\\][\\u@\\h \\W]\\$\\[\\e[0m\\] \"", 1) < 0) | 128 | // if (setenv("PROMPT_COMMAND", "export PS1=\"\\[\\e[1;32m\\][\\u@\\h \\W]\\$\\[\\e[0m\\] \"", 1) < 0) |
| 129 | errExit("setenv"); | 129 | // errExit("setenv"); |
| 130 | 130 | ||
| 131 | // set the window title | 131 | // set the window title |
| 132 | printf("\033]0;firejail %s\007", cfg.window_title); | 132 | printf("\033]0;firejail %s\007", cfg.window_title); |
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 2a96afa1b..ce232ace5 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
| @@ -22,6 +22,8 @@ | |||
| 22 | #include "../include/common.h" | 22 | #include "../include/common.h" |
| 23 | #include "../include/euid_common.h" | 23 | #include "../include/euid_common.h" |
| 24 | 24 | ||
| 25 | // debug restricted shell | ||
| 26 | //#define DEBUG_RESTRICTED_SHELL | ||
| 25 | 27 | ||
| 26 | // filesystem | 28 | // filesystem |
| 27 | #define RUN_FIREJAIL_BASEDIR "/run" | 29 | #define RUN_FIREJAIL_BASEDIR "/run" |
diff --git a/src/firejail/main.c b/src/firejail/main.c index 6f1e7531a..047d1a010 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -879,25 +879,35 @@ int main(int argc, char **argv) { | |||
| 879 | arg_quiet = 1; | 879 | arg_quiet = 1; |
| 880 | parent_sshd = 1; | 880 | parent_sshd = 1; |
| 881 | 881 | ||
| 882 | #if 0 | 882 | #ifdef DEBUG_RESTRICTED_SHELL |
| 883 | EUID_ROOT(); | 883 | {EUID_ROOT(); |
| 884 | FILE *fp = fopen("/mylog", "w"); | 884 | FILE *fp = fopen("/firelog", "w"); |
| 885 | if (fp) { | 885 | if (fp) { |
| 886 | int i; | 886 | int i; |
| 887 | for (i = 0; i < argc; i++) | 887 | fprintf(fp, "argc %d: ", argc); |
| 888 | fprintf(fp, "#%s# ", argv[i]); | 888 | for (i = 0; i < argc; i++) |
| 889 | fprintf(fp, "\n"); | 889 | fprintf(fp, "#%s# ", argv[i]); |
| 890 | fclose(fp); | 890 | fprintf(fp, "\n"); |
| 891 | } | 891 | fclose(fp); |
| 892 | EUID_USER(); | 892 | } |
| 893 | EUID_USER();} | ||
| 893 | #endif | 894 | #endif |
| 894 | |||
| 895 | // run sftp and scp directly without any sandboxing | 895 | // run sftp and scp directly without any sandboxing |
| 896 | // regular login has argv[0] == "-firejail" | 896 | // regular login has argv[0] == "-firejail" |
| 897 | if (*argv[0] != '-') { | 897 | if (*argv[0] != '-') { |
| 898 | if (strcmp(argv[1], "-c") == 0 && argc > 2) { | 898 | if (strcmp(argv[1], "-c") == 0 && argc > 2) { |
| 899 | if (strcmp(argv[2], "/usr/lib/openssh/sftp-server") == 0 || | 899 | if (strcmp(argv[2], "/usr/lib/openssh/sftp-server") == 0 || |
| 900 | strncmp(argv[2], "scp ", 4) == 0) { | 900 | strncmp(argv[2], "scp ", 4) == 0) { |
| 901 | #ifdef DEBUG_RESTRICTED_SHELL | ||
| 902 | {EUID_ROOT(); | ||
| 903 | FILE *fp = fopen("/firelog", "a"); | ||
| 904 | if (fp) { | ||
| 905 | fprintf(fp, "run without a sandbox\n"); | ||
| 906 | fclose(fp); | ||
| 907 | } | ||
| 908 | EUID_USER();} | ||
| 909 | #endif | ||
| 910 | |||
| 901 | drop_privs(1); | 911 | drop_privs(1); |
| 902 | run_no_sandbox(argc, argv); | 912 | run_no_sandbox(argc, argv); |
| 903 | } | 913 | } |
| @@ -914,6 +924,21 @@ EUID_USER(); | |||
| 914 | login_shell = 1; | 924 | login_shell = 1; |
| 915 | fullargc = restricted_shell(cfg.username); | 925 | fullargc = restricted_shell(cfg.username); |
| 916 | if (fullargc) { | 926 | if (fullargc) { |
| 927 | |||
| 928 | #ifdef DEBUG_RESTRICTED_SHELL | ||
| 929 | {EUID_ROOT(); | ||
| 930 | FILE *fp = fopen("/firelog", "a"); | ||
| 931 | if (fp) { | ||
| 932 | fprintf(fp, "fullargc %d: ", fullargc); | ||
| 933 | int i; | ||
| 934 | for (i = 0; i < fullargc; i++) | ||
| 935 | fprintf(fp, "#%s# ", fullargv[i]); | ||
| 936 | fprintf(fp, "\n"); | ||
| 937 | fclose(fp); | ||
| 938 | } | ||
| 939 | EUID_USER();} | ||
| 940 | #endif | ||
| 941 | |||
| 917 | int j; | 942 | int j; |
| 918 | for (i = 1, j = fullargc; i < argc && j < MAX_ARGS; i++, j++, fullargc++) | 943 | for (i = 1, j = fullargc; i < argc && j < MAX_ARGS; i++, j++, fullargc++) |
| 919 | fullargv[j] = argv[i]; | 944 | fullargv[j] = argv[i]; |
| @@ -921,6 +946,20 @@ EUID_USER(); | |||
| 921 | // replace argc/argv with fullargc/fullargv | 946 | // replace argc/argv with fullargc/fullargv |
| 922 | argv = fullargv; | 947 | argv = fullargv; |
| 923 | argc = j; | 948 | argc = j; |
| 949 | |||
| 950 | #ifdef DEBUG_RESTRICTED_SHELL | ||
| 951 | {EUID_ROOT(); | ||
| 952 | FILE *fp = fopen("/firelog", "a"); | ||
| 953 | if (fp) { | ||
| 954 | fprintf(fp, "argc %d: ", argc); | ||
| 955 | int i; | ||
| 956 | for (i = 0; i < argc; i++) | ||
| 957 | fprintf(fp, "#%s# ", argv[i]); | ||
| 958 | fprintf(fp, "\n"); | ||
| 959 | fclose(fp); | ||
| 960 | } | ||
| 961 | EUID_USER();} | ||
| 962 | #endif | ||
| 924 | } | 963 | } |
| 925 | } | 964 | } |
| 926 | else { | 965 | else { |
diff --git a/src/firejail/restricted_shell.c b/src/firejail/restricted_shell.c index e66ed0e6b..24ce27c2e 100644 --- a/src/firejail/restricted_shell.c +++ b/src/firejail/restricted_shell.c | |||
| @@ -84,16 +84,28 @@ int restricted_shell(const char *user) { | |||
| 84 | int i; | 84 | int i; |
| 85 | ptr = args; | 85 | ptr = args; |
| 86 | for (i = 1; i < MAX_ARGS; i++) { | 86 | for (i = 1; i < MAX_ARGS; i++) { |
| 87 | fullargv[i] = ptr; | 87 | // skip blanks |
| 88 | while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0') | 88 | while (*ptr == ' ' || *ptr == '\t') |
| 89 | ptr++; | 89 | ptr++; |
| 90 | fullargv[i] = ptr; | ||
| 91 | #ifdef DEBUG_RESTRICTED_SHELL | ||
| 92 | {EUID_ROOT(); | ||
| 93 | FILE *fp = fopen("/firelog", "a"); | ||
| 94 | if (fp) { | ||
| 95 | fprintf(fp, "i %d ptr #%s#\n", i, fullargv[i]); | ||
| 96 | fclose(fp); | ||
| 97 | } | ||
| 98 | EUID_USER();} | ||
| 99 | #endif | ||
| 100 | |||
| 90 | if (*ptr != '\0') { | 101 | if (*ptr != '\0') { |
| 102 | // go to the end of the word | ||
| 103 | while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0') | ||
| 104 | ptr++; | ||
| 91 | *ptr ='\0'; | 105 | *ptr ='\0'; |
| 92 | fullargv[i] = strdup(fullargv[i]); | 106 | fullargv[i] = strdup(fullargv[i]); |
| 93 | if (fullargv[i] == NULL) { | 107 | if (fullargv[i] == NULL) |
| 94 | fprintf(stderr, "Error: cannot allocate memory\n"); | 108 | errExit("strdup"); |
| 95 | exit(1); | ||
| 96 | } | ||
| 97 | ptr++; | 109 | ptr++; |
| 98 | while (*ptr == ' ' || *ptr == '\t') | 110 | while (*ptr == ' ' || *ptr == '\t') |
| 99 | ptr++; | 111 | ptr++; |