diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-02-19 16:16:50 -0500 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-02-19 16:16:50 -0500 |
| commit | 8b922b72ac0b508fcb50cf4d2ea3d8740e63604e (patch) | |
| tree | 463cdf4b5bde26f82c62f939268c265e706ba86a /src | |
| parent | euid switching (diff) | |
| download | firejail-8b922b72ac0b508fcb50cf4d2ea3d8740e63604e.tar.gz firejail-8b922b72ac0b508fcb50cf4d2ea3d8740e63604e.tar.zst firejail-8b922b72ac0b508fcb50cf4d2ea3d8740e63604e.zip | |
euid switching
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/caps.c | 2 | ||||
| -rw-r--r-- | src/firejail/cpu.c | 2 | ||||
| -rw-r--r-- | src/firejail/fs_etc.c | 1 | ||||
| -rw-r--r-- | src/firejail/profile.c | 1 | ||||
| -rw-r--r-- | src/firejail/util.c | 11 |
5 files changed, 12 insertions, 5 deletions
diff --git a/src/firejail/caps.c b/src/firejail/caps.c index 838934aee..d623c5fd3 100644 --- a/src/firejail/caps.c +++ b/src/firejail/caps.c | |||
| @@ -193,7 +193,6 @@ static int caps_find_name(const char *name) { | |||
| 193 | 193 | ||
| 194 | // return 1 if error, 0 if OK | 194 | // return 1 if error, 0 if OK |
| 195 | int caps_check_list(const char *clist, void (*callback)(int)) { | 195 | int caps_check_list(const char *clist, void (*callback)(int)) { |
| 196 | |||
| 197 | // don't allow empty lists | 196 | // don't allow empty lists |
| 198 | if (clist == NULL || *clist == '\0') { | 197 | if (clist == NULL || *clist == '\0') { |
| 199 | fprintf(stderr, "Error: empty capabilities lists are not allowed\n"); | 198 | fprintf(stderr, "Error: empty capabilities lists are not allowed\n"); |
| @@ -400,6 +399,7 @@ static uint64_t extract_caps(int pid) { | |||
| 400 | 399 | ||
| 401 | 400 | ||
| 402 | void caps_print_filter_name(const char *name) { | 401 | void caps_print_filter_name(const char *name) { |
| 402 | EUID_ASSERT(); | ||
| 403 | if (!name || strlen(name) == 0) { | 403 | if (!name || strlen(name) == 0) { |
| 404 | fprintf(stderr, "Error: invalid sandbox name\n"); | 404 | fprintf(stderr, "Error: invalid sandbox name\n"); |
| 405 | exit(1); | 405 | exit(1); |
diff --git a/src/firejail/cpu.c b/src/firejail/cpu.c index bfad1dc25..23906ae48 100644 --- a/src/firejail/cpu.c +++ b/src/firejail/cpu.c | |||
| @@ -40,6 +40,8 @@ static void set_cpu(const char *str) { | |||
| 40 | } | 40 | } |
| 41 | 41 | ||
| 42 | void read_cpu_list(const char *str) { | 42 | void read_cpu_list(const char *str) { |
| 43 | EUID_ASSERT(); | ||
| 44 | |||
| 43 | char *tmp = strdup(str); | 45 | char *tmp = strdup(str); |
| 44 | if (tmp == NULL) | 46 | if (tmp == NULL) |
| 45 | errExit("strdup"); | 47 | errExit("strdup"); |
diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c index c3a247331..5a8bf6904 100644 --- a/src/firejail/fs_etc.c +++ b/src/firejail/fs_etc.c | |||
| @@ -57,6 +57,7 @@ static int check_dir_or_file(const char *name) { | |||
| 57 | } | 57 | } |
| 58 | 58 | ||
| 59 | void fs_check_etc_list(void) { | 59 | void fs_check_etc_list(void) { |
| 60 | EUID_ASSERT(); | ||
| 60 | if (strstr(cfg.etc_private_keep, "..")) { | 61 | if (strstr(cfg.etc_private_keep, "..")) { |
| 61 | fprintf(stderr, "Error: invalid private etc list\n"); | 62 | fprintf(stderr, "Error: invalid private etc list\n"); |
| 62 | exit(1); | 63 | exit(1); |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 518fdf194..112454396 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
| @@ -25,6 +25,7 @@ | |||
| 25 | 25 | ||
| 26 | // find and read the profile specified by name from dir directory | 26 | // find and read the profile specified by name from dir directory |
| 27 | int profile_find(const char *name, const char *dir) { | 27 | int profile_find(const char *name, const char *dir) { |
| 28 | EUID_ASSERT(); | ||
| 28 | assert(name); | 29 | assert(name); |
| 29 | assert(dir); | 30 | assert(dir); |
| 30 | 31 | ||
diff --git a/src/firejail/util.c b/src/firejail/util.c index a74693c7a..3463095f9 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
| @@ -258,6 +258,7 @@ int is_link(const char *fname) { | |||
| 258 | 258 | ||
| 259 | // remove multiple spaces and return allocated memory | 259 | // remove multiple spaces and return allocated memory |
| 260 | char *line_remove_spaces(const char *buf) { | 260 | char *line_remove_spaces(const char *buf) { |
| 261 | EUID_ASSERT(); | ||
| 261 | assert(buf); | 262 | assert(buf); |
| 262 | if (strlen(buf) == 0) | 263 | if (strlen(buf) == 0) |
| 263 | return NULL; | 264 | return NULL; |
| @@ -307,6 +308,7 @@ char *line_remove_spaces(const char *buf) { | |||
| 307 | 308 | ||
| 308 | 309 | ||
| 309 | char *split_comma(char *str) { | 310 | char *split_comma(char *str) { |
| 311 | EUID_ASSERT(); | ||
| 310 | if (str == NULL || *str == '\0') | 312 | if (str == NULL || *str == '\0') |
| 311 | return NULL; | 313 | return NULL; |
| 312 | char *ptr = strchr(str, ','); | 314 | char *ptr = strchr(str, ','); |
| @@ -340,6 +342,7 @@ int not_unsigned(const char *str) { | |||
| 340 | #define BUFLEN 4096 | 342 | #define BUFLEN 4096 |
| 341 | // find the first child for this parent; return 1 if error | 343 | // find the first child for this parent; return 1 if error |
| 342 | int find_child(pid_t parent, pid_t *child) { | 344 | int find_child(pid_t parent, pid_t *child) { |
| 345 | EUID_ASSERT(); | ||
| 343 | *child = 0; // use it to flag a found child | 346 | *child = 0; // use it to flag a found child |
| 344 | 347 | ||
| 345 | DIR *dir; | 348 | DIR *dir; |
| @@ -530,8 +533,7 @@ void notify_other(int fd) { | |||
| 530 | // directory (supplied). | 533 | // directory (supplied). |
| 531 | // The return value is allocated using malloc and must be freed by the caller. | 534 | // The return value is allocated using malloc and must be freed by the caller. |
| 532 | // The function returns NULL if there are any errors. | 535 | // The function returns NULL if there are any errors. |
| 533 | char *expand_home(const char *path, const char* homedir) | 536 | char *expand_home(const char *path, const char* homedir) { |
| 534 | { | ||
| 535 | assert(path); | 537 | assert(path); |
| 536 | assert(homedir); | 538 | assert(homedir); |
| 537 | 539 | ||
| @@ -554,8 +556,7 @@ char *expand_home(const char *path, const char* homedir) | |||
| 554 | // Equivalent to the GNU version of basename, which is incompatible with | 556 | // Equivalent to the GNU version of basename, which is incompatible with |
| 555 | // the POSIX basename. A few lines of code saves any portability pain. | 557 | // the POSIX basename. A few lines of code saves any portability pain. |
| 556 | // https://www.gnu.org/software/libc/manual/html_node/Finding-Tokens-in-a-String.html#index-basename | 558 | // https://www.gnu.org/software/libc/manual/html_node/Finding-Tokens-in-a-String.html#index-basename |
| 557 | const char *gnu_basename(const char *path) | 559 | const char *gnu_basename(const char *path) { |
| 558 | { | ||
| 559 | const char *last_slash = strrchr(path, '/'); | 560 | const char *last_slash = strrchr(path, '/'); |
| 560 | if (!last_slash) | 561 | if (!last_slash) |
| 561 | return path; | 562 | return path; |
| @@ -563,6 +564,7 @@ const char *gnu_basename(const char *path) | |||
| 563 | } | 564 | } |
| 564 | 565 | ||
| 565 | uid_t pid_get_uid(pid_t pid) { | 566 | uid_t pid_get_uid(pid_t pid) { |
| 567 | EUID_ASSERT(); | ||
| 566 | uid_t rv = 0; | 568 | uid_t rv = 0; |
| 567 | 569 | ||
| 568 | // open status file | 570 | // open status file |
| @@ -606,6 +608,7 @@ uid_t pid_get_uid(pid_t pid) { | |||
| 606 | } | 608 | } |
| 607 | 609 | ||
| 608 | void invalid_filename(const char *fname) { | 610 | void invalid_filename(const char *fname) { |
| 611 | EUID_ASSERT(); | ||
| 609 | assert(fname); | 612 | assert(fname); |
| 610 | const char *ptr = fname; | 613 | const char *ptr = fname; |
| 611 | 614 | ||