diff options
| -rw-r--r-- | src/firejail/main.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index 435c04d76..6170806f9 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -1500,15 +1500,14 @@ int main(int argc, char **argv) { | |||
| 1500 | cfg.chrootdir = tmp; | 1500 | cfg.chrootdir = tmp; |
| 1501 | } | 1501 | } |
| 1502 | 1502 | ||
| 1503 | // check chroot dirname exists | 1503 | if (strstr(cfg.chrootdir, "..") || is_link(cfg.chrootdir)) { |
| 1504 | if (strstr(cfg.chrootdir, "..") || !is_dir(cfg.chrootdir) || is_link(cfg.chrootdir)) { | ||
| 1505 | fprintf(stderr, "Error: invalid chroot directory %s\n", cfg.chrootdir); | 1504 | fprintf(stderr, "Error: invalid chroot directory %s\n", cfg.chrootdir); |
| 1506 | return 1; | 1505 | return 1; |
| 1507 | } | 1506 | } |
| 1508 | 1507 | ||
| 1509 | // don't allow "--chroot=/" | 1508 | // check chroot dirname exists, don't allow "--chroot=/" |
| 1510 | char *rpath = realpath(cfg.chrootdir, NULL); | 1509 | char *rpath = realpath(cfg.chrootdir, NULL); |
| 1511 | if (rpath == NULL || strcmp(rpath, "/") == 0) { | 1510 | if (rpath == NULL || !is_dir(rpath) || strcmp(rpath, "/") == 0) { |
| 1512 | fprintf(stderr, "Error: invalid chroot directory\n"); | 1511 | fprintf(stderr, "Error: invalid chroot directory\n"); |
| 1513 | exit(1); | 1512 | exit(1); |
| 1514 | } | 1513 | } |