sshd fixes

author: netblue30 <netblue30@yahoo.com> 2016-03-01 09:19:16 -0500
committer: netblue30 <netblue30@yahoo.com> 2016-03-01 09:19:16 -0500
commit: dd03698218f38dc549524908675a178b115da0e1 (patch)
tree: eb9cdb2055f95ef1ceae85232c5982cd536068ef /src
parent: scp fixes (diff)
download: firejail-dd03698218f38dc549524908675a178b115da0e1.tar.gz
firejail-dd03698218f38dc549524908675a178b115da0e1.tar.zst
firejail-dd03698218f38dc549524908675a178b115da0e1.zip
1 files changed, 18 insertions, 2 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 31c58d8ae..c0050be1f 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -612,8 +612,24 @@ int main(int argc, char **argv) {
        bandwidth_shm_del_file(sandbox_pid);
        EUID_USER();
        
-        // is this a login shell?
+        //check if the parent is sshd daemon
-        if (*argv[0] == '-') {
+        int parent_sshd = 0;
+        {
+                pid_t ppid = getppid();
+                char *comm = pid_proc_comm(ppid);
+                if (comm) {
+                        // remove \n
+                        char *ptr = strchr(comm, '\n');
+                        if (ptr)
+                                *ptr = '\0';
+                        if (strcmp(comm, "sshd") == 0)
+                                parent_sshd = 1;
+                        free(comm);
+                }
+        }
+        
+        // is this a login shell, or a command passed by sshd insert command line options from /etc/firejail/login.users
+        if (*argv[0] == '-' || parent_sshd) {
                fullargc = restricted_shell(cfg.username);
                if (fullargc) {
                        int j;
author	netblue30 <netblue30@yahoo.com>	2016-03-01 09:19:16 -0500
committer	netblue30 <netblue30@yahoo.com>	2016-03-01 09:19:16 -0500
commit	dd03698218f38dc549524908675a178b115da0e1 (patch)
tree	eb9cdb2055f95ef1ceae85232c5982cd536068ef /src
parent	scp fixes (diff)
download	firejail-dd03698218f38dc549524908675a178b115da0e1.tar.gz firejail-dd03698218f38dc549524908675a178b115da0e1.tar.zst firejail-dd03698218f38dc549524908675a178b115da0e1.zip

diff --git a/src/firejail/main.c b/src/firejail/main.c index 31c58d8ae..c0050be1f 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c
@@ -612,8 +612,24 @@ int main(int argc, char **argv) {
612	bandwidth_shm_del_file(sandbox_pid);	612	bandwidth_shm_del_file(sandbox_pid);
613	EUID_USER();	613	EUID_USER();
614		614
615	// is this a login shell?	615	//check if the parent is sshd daemon
616	if (*argv[0] == '-') {	616	int parent_sshd = 0;
		617	{
		618	pid_t ppid = getppid();
		619	char *comm = pid_proc_comm(ppid);
		620	if (comm) {
		621	// remove \n
		622	char *ptr = strchr(comm, '\n');
		623	if (ptr)
		624	*ptr = '\0';
		625	if (strcmp(comm, "sshd") == 0)
		626	parent_sshd = 1;
		627	free(comm);
		628	}
		629	}
		630
		631	// is this a login shell, or a command passed by sshd insert command line options from /etc/firejail/login.users
		632	if (*argv[0] == '-' \|\| parent_sshd) {
617	fullargc = restricted_shell(cfg.username);	633	fullargc = restricted_shell(cfg.username);
618	if (fullargc) {	634	if (fullargc) {
619	int j;	635	int j;