run_no_sandbox fix

author: Aleksey Manevich <manevich.aleksey@gmail.com> 2016-08-18 18:03:24 +0300
committer: Aleksey Manevich <manevich.aleksey@gmail.com> 2016-08-18 18:03:24 +0300
commit: 3f69d4f42c45bfca9e68f9c3fec02edd0ae53c07 (patch)
tree: 9f33c90d25a3a1c53495fc8159aaa3e5109a045c /src
parent: overlay etc. (diff)
download: firejail-3f69d4f42c45bfca9e68f9c3fec02edd0ae53c07.tar.gz
firejail-3f69d4f42c45bfca9e68f9c3fec02edd0ae53c07.tar.zst
firejail-3f69d4f42c45bfca9e68f9c3fec02edd0ae53c07.zip
3 files changed, 110 insertions, 44 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 633935108..8301a79a0 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -283,6 +283,7 @@ char *guess_shell(void);
 // sandbox.c
 int sandbox(void* sandbox_arg);
+void start_application(void);
 // network_main.c
 void net_configure_bridge(Bridge *br, char *dev_name);
diff --git a/src/firejail/no_sandbox.c b/src/firejail/no_sandbox.c
index 80ed72dca..090c06761 100644
--- a/src/firejail/no_sandbox.c
+++ b/src/firejail/no_sandbox.c
@@ -162,54 +162,119 @@ int check_kernel_procs(void) {
 void run_no_sandbox(int argc, char **argv) {
        EUID_ASSERT();
-        // build command
+        // process limited subset of options
-        char *command = NULL;
+        int i;
-        int allocated = 0;
+        for (i = 0; i < argc; i++) {
-        if (argc == 1)
+                if (strcmp(argv[i], "--csh") == 0) {
-                command = "/bin/bash";
+                        if (arg_shell_none) {
-        else {
+                                fprintf(stderr, "Error: --shell=none was already specified.\n");
-                // calculate length
+                                exit(1);
-                int len = 0;
+                        }
-                int i;
+                        if (cfg.shell) {
-                for (i = 1; i < argc; i++) {
+                                fprintf(stderr, "Error: only one default user shell can be specified\n");
-                        if (i == 1 && strcmp(argv[i], "-c") == 0)
+                                exit(1);
-                                continue;
+                        }
-                        if (*argv[i] == '-')
+                        cfg.shell = "/bin/csh";
-                                continue;
-                        break;
                }
-                int start_index = i;
+                else if (strcmp(argv[i], "--zsh") == 0) {
-                for (i = start_index; i < argc; i++)
+                        if (arg_shell_none) {
-                        len += strlen(argv[i]) + 3;
+                                fprintf(stderr, "Error: --shell=none was already specified.\n");
-                
+                                exit(1);
-                // allocate
+                        }
-                command = malloc(len + 1);
+                        if (cfg.shell) {
-                if (!command)
+                                fprintf(stderr, "Error: only one default user shell can be specified\n");
-                        errExit("malloc");
+                                exit(1);
-                memset(command, 0, len + 1);
+                        }
-                allocated = 1;
+                        cfg.shell = "/bin/zsh";
-                
+                }
-                // copy
+                else if (strcmp(argv[i], "--shell=none") == 0) {
-                for (i = start_index; i < argc; i++) {
+                        arg_shell_none = 1;
-                        if (strchr(argv[i], '&')) {
+                        if (cfg.shell) {
-                                strcat(command, "\"");
+                                fprintf(stderr, "Error: a shell was already specified\n");
-                                strcat(command, argv[i]);
+                                exit(1);
-                                strcat(command, "\" ");
+                        }
+                }
+                else if (strncmp(argv[i], "--shell=", 8) == 0) {
+                        if (arg_shell_none) {
+                                fprintf(stderr, "Error: --shell=none was already specified.\n");
+                                exit(1);
+                        }
+                        invalid_filename(argv[i] + 8);
+                        if (cfg.shell) {
+                                fprintf(stderr, "Error: only one user shell can be specified\n");
+                                exit(1);
+                        }
+                        cfg.shell = argv[i] + 8;
+                        if (is_dir(cfg.shell) || strstr(cfg.shell, "..")) {
+                                fprintf(stderr, "Error: invalid shell\n");
+                                exit(1);
                        }
-                        else {
-                                strcat(command, argv[i]);
+                        // access call checks as real UID/GID, not as effective UID/GID
-                                strcat(command, " ");
+                        if(cfg.chrootdir) {
+                                char *shellpath;
+                                if (asprintf(&shellpath, "%s%s", cfg.chrootdir, cfg.shell) == -1)
+                                        errExit("asprintf");
+                                if (access(shellpath, R_OK)) {
+                                        fprintf(stderr, "Error: cannot access shell file in chroot\n");
+                                        exit(1);
+                                }
+                                free(shellpath);
+                        } else if (access(cfg.shell, R_OK)) {
+                                fprintf(stderr, "Error: cannot access shell file\n");
+                                exit(1);
                        }
                }
        }
-        
-        // start the program in /bin/sh
+        // use $SHELL to get shell used in sandbox
+        if (!arg_shell_none && !cfg.shell) {
+                char *shell =  secure_getenv("SHELL");
+                if (access(shell, R_OK) == 0)
+                        cfg.shell = shell;
+        }
+        // guess shell otherwise
+        if (!arg_shell_none && !cfg.shell) {
+                guess_shell();
+                if (arg_debug)
+                        printf("Autoselecting %s as shell\n", cfg.shell);
+        }
+        if (!arg_shell_none && !cfg.shell) {
+                fprintf(stderr, "Error: unable to guess your shell, please set explicitly by using --shell option.\n");
+                exit(1);
+        }
+        int prog_index = 0;
+        // find first non option arg
+        for (i = 1; i < argc; i++) {
+                if (strncmp(argv[i],"--",2) != 0) {
+                        prog_index = i;
+                        break;
+                }
+        }
+        if (!arg_shell_none) {
+                if (prog_index == 0) {
+                        cfg.command_line = cfg.shell;
+                        cfg.window_title = cfg.shell;
+                } else {
+                        build_cmdline(&cfg.command_line, &cfg.window_title, argc, argv, prog_index);
+                }
+        }
+        cfg.original_argv = argv;
+        cfg.original_program_index = prog_index;
+        char *command;
+        if (prog_index == 0)
+                command = cfg.shell;
+        else
+                command = argv[prog_index];
        if (!arg_quiet)
                fprintf(stderr, "Warning: an existing sandbox was detected. "
-                        "%s will run without any additional sandboxing features in a /bin/sh shell\n", command);
+                        "%s will run without any additional sandboxing features\n", command);
-        int rv = system(command);
-        (void) rv;
+        start_application();
-        if (allocated)
-                free(command);
-        exit(1);
 }
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 8178cfc8e..c40ff1d03 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -284,7 +284,7 @@ void start_audit(void) {
        exit(1);
 }
-static void start_application(void) {
+void start_application(void) {
        //****************************************
        // audit
        //****************************************
author	Aleksey Manevich <manevich.aleksey@gmail.com>	2016-08-18 18:03:24 +0300
committer	Aleksey Manevich <manevich.aleksey@gmail.com>	2016-08-18 18:03:24 +0300
commit	3f69d4f42c45bfca9e68f9c3fec02edd0ae53c07 (patch)
tree	9f33c90d25a3a1c53495fc8159aaa3e5109a045c /src
parent	overlay etc. (diff)
download	firejail-3f69d4f42c45bfca9e68f9c3fec02edd0ae53c07.tar.gz firejail-3f69d4f42c45bfca9e68f9c3fec02edd0ae53c07.tar.zst firejail-3f69d4f42c45bfca9e68f9c3fec02edd0ae53c07.zip

diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 633935108..8301a79a0 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h
@@ -283,6 +283,7 @@ char *guess_shell(void);
283		283
284	// sandbox.c	284	// sandbox.c
285	int sandbox(void* sandbox_arg);	285	int sandbox(void* sandbox_arg);
		286	void start_application(void);
286		287
287	// network_main.c	288	// network_main.c
288	void net_configure_bridge(Bridge br, char dev_name);	289	void net_configure_bridge(Bridge br, char dev_name);


diff --git a/src/firejail/no_sandbox.c b/src/firejail/no_sandbox.c index 80ed72dca..090c06761 100644 --- a/src/firejail/no_sandbox.c +++ b/src/firejail/no_sandbox.c
@@ -162,54 +162,119 @@ int check_kernel_procs(void) {
162	void run_no_sandbox(int argc, char **argv) {	162	void run_no_sandbox(int argc, char **argv) {
163	EUID_ASSERT();	163	EUID_ASSERT();
164		164
165	// build command	165	// process limited subset of options
166	char *command = NULL;	166	int i;
167	int allocated = 0;	167	for (i = 0; i < argc; i++) {
168	if (argc == 1)	168	if (strcmp(argv[i], "--csh") == 0) {
169	command = "/bin/bash";	169	if (arg_shell_none) {
170	else {	170	fprintf(stderr, "Error: --shell=none was already specified.\n");
171	// calculate length	171	exit(1);
172	int len = 0;	172	}
173	int i;	173	if (cfg.shell) {
174	for (i = 1; i < argc; i++) {	174	fprintf(stderr, "Error: only one default user shell can be specified\n");
175	if (i == 1 && strcmp(argv[i], "-c") == 0)	175	exit(1);
176	continue;	176	}
177	if (*argv[i] == '-')	177	cfg.shell = "/bin/csh";
178	continue;
179	break;
180	}	178	}
181	int start_index = i;	179	else if (strcmp(argv[i], "--zsh") == 0) {
182	for (i = start_index; i < argc; i++)	180	if (arg_shell_none) {
183	len += strlen(argv[i]) + 3;	181	fprintf(stderr, "Error: --shell=none was already specified.\n");
184		182	exit(1);
185	// allocate	183	}
186	command = malloc(len + 1);	184	if (cfg.shell) {
187	if (!command)	185	fprintf(stderr, "Error: only one default user shell can be specified\n");
188	errExit("malloc");	186	exit(1);
189	memset(command, 0, len + 1);	187	}
190	allocated = 1;	188	cfg.shell = "/bin/zsh";
191		189	}
192	// copy	190	else if (strcmp(argv[i], "--shell=none") == 0) {
193	for (i = start_index; i < argc; i++) {	191	arg_shell_none = 1;
194	if (strchr(argv[i], '&')) {	192	if (cfg.shell) {
195	strcat(command, "\"");	193	fprintf(stderr, "Error: a shell was already specified\n");
196	strcat(command, argv[i]);	194	exit(1);
197	strcat(command, "\" ");	195	}
		196	}
		197	else if (strncmp(argv[i], "--shell=", 8) == 0) {
		198	if (arg_shell_none) {
		199	fprintf(stderr, "Error: --shell=none was already specified.\n");
		200	exit(1);
		201	}
		202	invalid_filename(argv[i] + 8);
		203
		204	if (cfg.shell) {
		205	fprintf(stderr, "Error: only one user shell can be specified\n");
		206	exit(1);
		207	}
		208	cfg.shell = argv[i] + 8;
		209
		210	if (is_dir(cfg.shell) \|\| strstr(cfg.shell, "..")) {
		211	fprintf(stderr, "Error: invalid shell\n");
		212	exit(1);
198	}	213	}
199	else {	214
200	strcat(command, argv[i]);	215	// access call checks as real UID/GID, not as effective UID/GID
201	strcat(command, " ");	216	if(cfg.chrootdir) {
		217	char *shellpath;
		218	if (asprintf(&shellpath, "%s%s", cfg.chrootdir, cfg.shell) == -1)
		219	errExit("asprintf");
		220	if (access(shellpath, R_OK)) {
		221	fprintf(stderr, "Error: cannot access shell file in chroot\n");
		222	exit(1);
		223	}
		224	free(shellpath);
		225	} else if (access(cfg.shell, R_OK)) {
		226	fprintf(stderr, "Error: cannot access shell file\n");
		227	exit(1);
202	}	228	}
203	}	229	}
204	}	230	}
205		231
206	// start the program in /bin/sh	232	// use $SHELL to get shell used in sandbox
		233	if (!arg_shell_none && !cfg.shell) {
		234	char *shell = secure_getenv("SHELL");
		235	if (access(shell, R_OK) == 0)
		236	cfg.shell = shell;
		237	}
		238	// guess shell otherwise
		239	if (!arg_shell_none && !cfg.shell) {
		240	guess_shell();
		241	if (arg_debug)
		242	printf("Autoselecting %s as shell\n", cfg.shell);
		243	}
		244	if (!arg_shell_none && !cfg.shell) {
		245	fprintf(stderr, "Error: unable to guess your shell, please set explicitly by using --shell option.\n");
		246	exit(1);
		247	}
		248
		249	int prog_index = 0;
		250	// find first non option arg
		251	for (i = 1; i < argc; i++) {
		252	if (strncmp(argv[i],"--",2) != 0) {
		253	prog_index = i;
		254	break;
		255	}
		256	}
		257
		258	if (!arg_shell_none) {
		259	if (prog_index == 0) {
		260	cfg.command_line = cfg.shell;
		261	cfg.window_title = cfg.shell;
		262	} else {
		263	build_cmdline(&cfg.command_line, &cfg.window_title, argc, argv, prog_index);
		264	}
		265	}
		266
		267	cfg.original_argv = argv;
		268	cfg.original_program_index = prog_index;
		269
		270	char *command;
		271	if (prog_index == 0)
		272	command = cfg.shell;
		273	else
		274	command = argv[prog_index];
207	if (!arg_quiet)	275	if (!arg_quiet)
208	fprintf(stderr, "Warning: an existing sandbox was detected. "	276	fprintf(stderr, "Warning: an existing sandbox was detected. "
209	"%s will run without any additional sandboxing features in a /bin/sh shell\n", command);	277	"%s will run without any additional sandboxing features\n", command);
210	int rv = system(command);	278
211	(void) rv;	279	start_application();
212	if (allocated)
213	free(command);
214	exit(1);
215	}	280	}


diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 8178cfc8e..c40ff1d03 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c
@@ -284,7 +284,7 @@ void start_audit(void) {
284	exit(1);	284	exit(1);
285	}	285	}
286		286
287	static void start_application(void) {	287	void start_application(void) {
288	//****************************************	288	//****************************************
289	// audit	289	// audit
290	//****************************************	290	//****************************************