diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-08-14 15:28:29 -0400 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2016-08-14 15:28:29 -0400 |
| commit | d6deffe30d858673b5c6142d17da1ff8b04e55d1 (patch) | |
| tree | 16b3c34074c9edf62a974e24fb1343c539c9a2fd /src | |
| parent | fixed login shell (diff) | |
| parent | CS fixes (diff) | |
| download | firejail-d6deffe30d858673b5c6142d17da1ff8b04e55d1.tar.gz firejail-d6deffe30d858673b5c6142d17da1ff8b04e55d1.tar.zst firejail-d6deffe30d858673b5c6142d17da1ff8b04e55d1.zip | |
Merge pull request #713 from i-MSCP/master
Fixed #712
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/fs.c | 17 | ||||
| -rw-r--r-- | src/firejail/main.c | 13 |
2 files changed, 21 insertions, 9 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 5fe31cec8..98b661028 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
| @@ -1110,13 +1110,16 @@ int fs_check_chroot_dir(const char *rootdir) { | |||
| 1110 | } | 1110 | } |
| 1111 | free(name); | 1111 | free(name); |
| 1112 | 1112 | ||
| 1113 | // check shell | 1113 | // check shell (test not needed. We already test access in main.c) |
| 1114 | if (!arg_shell_none) { | 1114 | //if (!arg_shell_none) { |
| 1115 | if (stat(cfg.shell, &s) == -1) { | 1115 | // if (asprintf(&name, "%s%s", rootdir, (char *)&cfg.shell) == -1) |
| 1116 | fprintf(stderr, "Error: cannot find %s in chroot directory\n", cfg.shell); | 1116 | // errExit("asprintf"); |
| 1117 | return 1; | 1117 | // if (stat(name, &s) == -1) { |
| 1118 | } | 1118 | // fprintf(stderr, "Error: cannot find %s in chroot directory\n", name); |
| 1119 | } | 1119 | // return 1; |
| 1120 | // } | ||
| 1121 | // free(name); | ||
| 1122 | //} | ||
| 1120 | 1123 | ||
| 1121 | // check x11 socket directory | 1124 | // check x11 socket directory |
| 1122 | if (getenv("FIREJAIL_X11")) { | 1125 | if (getenv("FIREJAIL_X11")) { |
diff --git a/src/firejail/main.c b/src/firejail/main.c index fbffedbde..3e5663a9b 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -1956,9 +1956,18 @@ EUID_USER(); | |||
| 1956 | fprintf(stderr, "Error: invalid shell\n"); | 1956 | fprintf(stderr, "Error: invalid shell\n"); |
| 1957 | exit(1); | 1957 | exit(1); |
| 1958 | } | 1958 | } |
| 1959 | 1959 | ||
| 1960 | // access call checks as real UID/GID, not as effective UID/GID | 1960 | // access call checks as real UID/GID, not as effective UID/GID |
| 1961 | if (access(cfg.shell, R_OK)) { | 1961 | if(cfg.chrootdir) { |
| 1962 | char *shellpath; | ||
| 1963 | if (asprintf(&shellpath, "%s%s", cfg.chrootdir, cfg.shell) == -1) | ||
| 1964 | errExit("asprintf"); | ||
| 1965 | if (access(shellpath, R_OK)) { | ||
| 1966 | fprintf(stderr, "Error: cannot access shell file in chroot\n"); | ||
| 1967 | exit(1); | ||
| 1968 | } | ||
| 1969 | free(shellpath); | ||
| 1970 | } else if (access(cfg.shell, R_OK)) { | ||
| 1962 | fprintf(stderr, "Error: cannot access shell file\n"); | 1971 | fprintf(stderr, "Error: cannot access shell file\n"); |
| 1963 | exit(1); | 1972 | exit(1); |
| 1964 | } | 1973 | } |