2 files changed, 36 insertions, 11 deletions
diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c
index db9382dc3..513a5a8a2 100644
--- a/src/firejail/appimage.c
+++ b/src/firejail/appimage.c
@@ -39,15 +39,20 @@ void appimage_set(const char *appimage_path) {
        assert(appimage_path);
        assert(devloop == NULL);        // don't call this twice!
        EUID_ASSERT();
-        
        // check appimage_path
        if (access(appimage_path, R_OK) == -1) {
                fprintf(stderr, "Error: cannot access AppImage file\n");
                exit(1);
        }
-        
+        // open as user to prevent race condition
+        int ffd = open(appimage_path, O_RDONLY|O_CLOEXEC);
+        if (ffd == -1)
+                errExit("open");
        EUID_ROOT();
-        
        // find or allocate a free loop device to use
        int cfd = open("/dev/loop-control", O_RDWR);
        int devnr = ioctl(cfd, LOOP_CTL_GET_FREE);
@@ -59,7 +64,6 @@ void appimage_set(const char *appimage_path) {
        if (asprintf(&devloop, "/dev/loop%d", devnr) == -1)
                errExit("asprintf");
                
-        int ffd = open(appimage_path, O_RDONLY|O_CLOEXEC);
        int lfd = open(devloop, O_RDONLY);
        if (ioctl(lfd, LOOP_SET_FD, ffd) == -1) {
                fprintf(stderr, "Error: cannot configure the loopback device\n");
@@ -68,22 +72,22 @@ void appimage_set(const char *appimage_path) {
        close(lfd);
        close(ffd);
        
+        EUID_USER();
+        // creates directory with perms 0700
        char dirname[] = "/tmp/firejail-mnt-XXXXXX";
        mntdir =  strdup(mkdtemp(dirname));
        if (mntdir == NULL) {
                fprintf(stderr, "Error: cannot create temporary directory\n");
                exit(1);
        }
-        mkdir(mntdir, 755);
+        ASSERT_PERMS(mntdir, getuid(), getgid(), 0700);
-        if (chown(mntdir, getuid(), getgid()) == -1)
-                errExit("chown");
-        if (chmod(mntdir, 755) == -1)
-                errExit("chmod");
        
        char *mode;
-        if (asprintf(&mode, "mode=755,uid=%d,gid=%d", getuid(), getgid()) == -1)
+        if (asprintf(&mode, "mode=700,uid=%d,gid=%d", getuid(), getgid()) == -1)
                errExit("asprintf");
+        EUID_ROOT();
        if (mount(devloop, mntdir, "iso9660",MS_MGC_VAL|MS_RDONLY,  mode) < 0)
                errExit("mounting appimage");
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index abbaa807c..a3b573acc 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -75,6 +75,27 @@
 #define DEFAULT_ROOT_PROFILE    "server"
 #define MAX_INCLUDE_LEVEL 6             // include levels in profile files
+#define ASSERT_PERMS(file, uid, gid, mode) \
+        do { \
+                assert(file);\
+                struct stat s;\
+                if (stat(file, &s) == -1) errExit("stat");\
+                assert(s.st_uid == uid && s.st_gid == gid && (s.st_mode & 07777) == mode);\
+        } while (0)
+#define ASSERT_PERMS_FD(fd, uid, gid, mode) \
+        do { \
+                struct stat s;\
+                if (stat(fd, &s) == -1) errExit("stat");\
+                assert(s.st_uid == uid && s.st_gid == gid && (s.st_mode & 07777) == mode);\
+        } while (0)
+#define ASSERT_PERMS_STREAM(file, uid, gid, mode) \
+        do { \
+                int fd = fileno(file);\
+                if (fd == -1) errExit("fileno");\
+                ASSERT_PERMS_FD(fd, uid, gid, mode);\
+        } while (0)
 // main.c
 typedef struct bridge_t {
        // on the host
@@ -386,7 +407,7 @@ void logsignal(int s);
 void logmsg(const char *msg);
 void logargs(int argc, char **argv) ;
 void logerr(const char *msg);
-int copy_file(const char *srcname, const char *destname);
+int copy_file(const char *srcname, const char *destname, uid_t uid, gid_t gid, mode_t mode);
 int is_dir(const char *fname);
 int is_link(const char *fname);
 char *line_remove_spaces(const char *buf);