author | netblue30 <netblue30@yahoo.com> | 2016-11-17 08:04:52 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-11-17 08:04:52 -0500 |
commit | cee0a4d375092f5c9e1097ce056dd10435b33e49 (patch) | |
tree | 36429445464c22b9e545229e3169093a39da28f8 /src | |
parent | testing (diff) | |
testing
Diffstat (limited to 'src')
-rw-r--r-- | src/fcopy/main.c | 19 | ||||
-rw-r--r-- | src/firemon/caps.c | 1 | ||||
-rw-r--r-- | src/firemon/procevent.c | 6 | ||||
-rw-r--r-- | src/firemon/seccomp.c | 4 | ||||
-rw-r--r-- | src/ftee/main.c | 32 |
5 files changed, 23 insertions, 39 deletions
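--- a/src/fcopy/main.c
+++ b/src/fcopy/main.c
@@ -188,22 +188,19 @@ static int fs_copydir(const char *infname, const struct stat *st, int ftype, str
 static char *check(const char *src) {
 struct stat s;
 char *rsrc = realpath(src, NULL);
-if (!rsrc || stat(rsrc, &s) == -1) {
-fprintf(stderr, "Error fcopy: cannot find %s directory\n", src);
-exit(1);
-}
+if (!rsrc || stat(rsrc, &s) == -1)
+goto errexit;
 
 // check uid
-if (s.st_uid != getuid() || s.st_gid != getgid()) {
-fprintf(stderr, "Error fcopy: uid/gid mismatch for %s\n", rsrc);
-exit(1);
-}
+if (s.st_uid != getuid() || s.st_gid != getgid())
+goto errexit;
 
 // dir, link, regular file
-if (S_ISDIR(s.st_mode) || S_ISREG(s.st_mode) || S_ISLNK(s.st_mode)) {
+if (S_ISDIR(s.st_mode) || S_ISREG(s.st_mode) || S_ISLNK(s.st_mode))
 return rsrc; // normal exit from the function
-}
-fprintf(stderr, "Error fcopy: invalid directory %s\n", rsrc);
+
+errexit:
+fprintf(stderr, "Error fcopy: invalid file %s\n", src);
 exit(1);
 }
 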
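Review bot: The `S_ISLNK(s.st_mode)` term in check() can never be true, because `rsrc` comes from `realpath()` and is examined with `stat()`, both of which follow symbolic links; the comment `// dir, link, regular file` therefore promises a case the code cannot reach. Either drop the term, `if (S_ISDIR(s.st_mode) || S_ISREG(s.st_mode))`, or reword the comment to `// dir or regular file (symlinks were already resolved by realpath)`. The uid/gid test is consequently applied to the link target rather than the link, which is the safer reading and worth stating next to `// check uid`. The shared `errexit` message no longer tells a missing path from an ownership mismatch; since it prints `src` instead of the resolved path it also avoids revealing where a link points, so a one-line comment saying the generic message is deliberate would help the next maintainer.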
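--- a/src/firemon/caps.c
+++ b/src/firemon/caps.c
@@ -24,7 +24,6 @@ static void print_caps(int pid) {
 char *file;
 if (asprintf(&file, "/proc/%d/status", pid) == -1) {
 errExit("asprintf");
-exit(1);
 }
 
 FILE *fp = fopen(file, "r");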
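--- a/src/firemon/procevent.c
+++ b/src/firemon/procevent.c
@@ -43,10 +43,8 @@ static int pid_is_firejail(pid_t pid) {
 
 // open /proc/self/comm
 char *file;
-if (asprintf(&file, "/proc/%u/comm", pid) == -1) {
-perror("asprintf");
-exit(1);
-}
+if (asprintf(&file, "/proc/%u/comm", pid) == -1)
+errExit("asprintf");
 
 FILE *fp = fopen(file, "r");
 if (!fp) {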
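Review bot: The rewritten `asprintf` call still formats a `pid_t` with `%u`, while caps.c and seccomp.c in this same commit use `%d` for the pid; `pid_t` is a signed type, so `asprintf(&file, "/proc/%d/comm", (int) pid)` would match both the argument type and the sibling files. The context comment `// open /proc/self/comm` is also inaccurate, because the path is built for the pid passed in; `// open /proc/<pid>/comm` describes what the code does. pid_is_firejail() starts before and continues past this hunk.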
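--- a/src/firemon/seccomp.c
+++ b/src/firemon/seccomp.c
@@ -22,10 +22,8 @@
 #define MAXBUF 4098
 static void print_seccomp(int pid) {
 char *file;
-if (asprintf(&file, "/proc/%d/status", pid) == -1) {
+if (asprintf(&file, "/proc/%d/status", pid) == -1)
 errExit("asprintf");
-exit(1);
-}
 
 FILE *fp = fopen(file, "r");
 if (!fp) {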
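--- a/src/ftee/main.c
+++ b/src/ftee/main.c
@@ -179,10 +179,6 @@ static int is_link(const char *fname) {
 return 0;
 }
 
-
-
-
-
 static void usage(void) {
 printf("Usage: ftee filename\n");
 }
@@ -201,33 +197,25 @@ int main(int argc, char **argv) {
 
 
 // do not accept directories, links, and files with ".."
-if (strstr(fname, "..") || is_link(fname) || is_dir(fname)) {
-fprintf(stderr, "Error: invalid output file. Links, directories and files with \"..\" are not allowed.\n");
-exit(1);
-}
+if (strstr(fname, "..") || is_link(fname) || is_dir(fname))
+goto errexit;
 
 struct stat s;
 if (stat(fname, &s) == 0) {
 // check permissions
-if (s.st_uid != getuid() || s.st_gid != getgid()) {
-fprintf(stderr, "Error: the output file needs to be owned by the current user.\n");
-exit(1);
-}
+if (s.st_uid != getuid() || s.st_gid != getgid())
+goto errexit;
 
 // check hard links
-if (s.st_nlink != 1) {
-fprintf(stderr, "Error: no hard links allowed.\n");
-exit(1);
-}
+if (s.st_nlink != 1)
+goto errexit;
 }
 
 // check if we can append to this file
 /* coverity[toctou] */
 FILE *fp = fopen(fname, "a");
-if (!fp) {
-fprintf(stderr, "Error: cannot open output file %s\n", fname);
-exit(1);
-}
+if (!fp)
+goto errexit;
 fclose(fp);
 
 
@@ -248,4 +236,8 @@ int main(int argc, char **argv) {
 
 log_close();
 return 0;
+
+errexit:
+fprintf(stderr, "Error ftee: invalid output file.\n");
+return 1;
 }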
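Review bot: The link, ownership and hard-link checks in main() are made on the path name (`is_link`, `stat`) and the file is then reopened by name with `fopen(fname, "a")`, so the object that gets opened need not be the one that was checked; the `/* coverity[toctou] */` marker silences the finding rather than closing the window. Opening once with `O_NOFOLLOW` and validating the descriptor with `fstat()` removes that gap, as sketched below; it needs `<fcntl.h>`, and ideally the validated descriptor is the one later used for writing, which happens outside these hunks. How much this matters depends on whether ftee can run with more privilege than the owner of the output directory, which the page does not show. main() starts before and continues past the visible hunks.

```c
// … unchanged: strstr("..") / is_link() / is_dir() checks …

// open first, then validate the object that was actually opened
int fd = open(fname, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0666);
if (fd == -1)
	goto errexit;

struct stat s;
if (fstat(fd, &s) == -1 ||
    s.st_uid != getuid() || s.st_gid != getgid() || s.st_nlink != 1) {
	close(fd);
	goto errexit;
}
close(fd);

// … unchanged: log handling, log_close(), errexit label …
```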