-rw-r--r-- | RELNOTES | 1 | ||||
-rw-r--r-- | etc/inc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/inc/whitelist-usr-share-common.inc | 2 | ||||
-rw-r--r-- | etc/profile-a-l/gtk-youtube-viewer | 18 | ||||
-rw-r--r-- | etc/profile-a-l/gtk2-youtube-viewer | 18 | ||||
-rw-r--r-- | etc/profile-a-l/gtk3-youtube-viewer | 18 | ||||
-rw-r--r-- | etc/profile-m-z/youtube-viewer.profile | 57 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 4 | ||||
-rw-r--r-- | src/firejail/arp.c | 4 | ||||
-rw-r--r-- | src/firejail/chroot.c | 3 | ||||
-rw-r--r-- | src/firejail/firejail.h | 35 | ||||
-rw-r--r-- | src/firejail/join.c | 2 | ||||
-rw-r--r-- | src/firejail/main.c | 3 | ||||
-rw-r--r-- | src/firejail/output.c | 87 | ||||
-rw-r--r-- | src/firejail/protocol.c | 2 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 3 | ||||
-rw-r--r-- | src/firejail/sbox.c | 2 | ||||
-rw-r--r-- | src/firejail/x11.c | 4 | ||||
-rw-r--r-- | src/firemon/firemon.h | 6 | ||||
-rw-r--r-- | src/firemon/procevent.c | 13 | ||||
-rw-r--r-- | src/include/syscall.h | 2 | ||||
-rw-r--r-- | src/lib/errno.c | 2 |
22 files changed, 218 insertions, 69 deletions
@@ -1,5 +1,6 @@ | |||
1 | firejail (0.9.63) baseline; urgency=low | 1 | firejail (0.9.63) baseline; urgency=low |
2 | * work in progress | 2 | * work in progress |
3 | * security: fixes for CVE-2020-17367 & CVE-2020-17368, reported by Tim Starling | ||
3 | * The blocking action of seccomp filters has been changed from | 4 | * The blocking action of seccomp filters has been changed from |
4 | killing the process to returning EPERM to the caller. To get the | 5 | killing the process to returning EPERM to the caller. To get the |
5 | previous behaviour, use --seccomp-error-action=kill or | 6 | previous behaviour, use --seccomp-error-action=kill or |
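--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -396,6 +396,7 @@ blacklist ${HOME}/.config/yandex-browser
 blacklist ${HOME}/.config/yandex-browser-beta
 blacklist ${HOME}/.config/yelp
 blacklist ${HOME}/.config/youtube-dl
+blacklist ${HOME}/.config/youtube-viewer
 blacklist ${HOME}/.config/zathura
 blacklist ${HOME}/.config/zoomus.conf
 blacklist ${HOME}/.config/Zulip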
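--- a/etc/inc/whitelist-usr-share-common.inc
+++ b/etc/inc/whitelist-usr-share-common.inc
@@ -41,6 +41,8 @@ whitelist /usr/share/misc
 whitelist /usr/share/Modules
 whitelist /usr/share/myspell
 whitelist /usr/share/p11-kit
+whitelist /usr/share/perl
+whitelist /usr/share/perl5
 whitelist /usr/share/pixmaps
 whitelist /usr/share/pki
 whitelist /usr/share/plasma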
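--- /dev/null
+++ b/etc/profile-a-l/gtk-youtube-viewer
@@ -0,0 +1,18 @@
+# Firejail profile for gtk-youtube-viewer
+# Description: Gtk front-end to youtube-viewer
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gtk-youtube-viewer.local
+# Persistent global definitions
+# include globals.local
+
+ignore quiet
+
+noblacklist /tmp/.X11-unix
+noblacklist ${RUNUSER}/wayland-*
+noblacklist ${RUNUSER}
+
+include whitelist-runuser-common.inc
+
+# Redirect
+include youtube-viewer.profile
\ No newline at end of file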
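--- /dev/null
+++ b/etc/profile-a-l/gtk2-youtube-viewer
@@ -0,0 +1,18 @@
+# Firejail profile for gtk2-youtube-viewer
+# Description: Gtk front-end to youtube-viewer
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gtk2-youtube-viewer.local
+# Persistent global definitions
+# include globals.local
+
+ignore quiet
+
+noblacklist /tmp/.X11-unix
+noblacklist ${RUNUSER}/wayland-*
+noblacklist ${RUNUSER}
+
+include whitelist-runuser-common.inc
+
+# Redirect
+include youtube-viewer.profile
\ No newline at end of file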
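--- /dev/null
+++ b/etc/profile-a-l/gtk3-youtube-viewer
@@ -0,0 +1,18 @@
+# Firejail profile for gtk3-youtube-viewer
+# Description: Gtk front-end to youtube-viewer
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gtk3-youtube-viewer.local
+# Persistent global definitions
+# include globals.local
+
+ignore quiet
+
+noblacklist /tmp/.X11-unix
+noblacklist ${RUNUSER}/wayland-*
+noblacklist ${RUNUSER}
+
+include whitelist-runuser-common.inc
+
+# Redirect
+include youtube-viewer.profile
\ No newline at end of file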
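--- /dev/null
+++ b/etc/profile-m-z/youtube-viewer.profile
@@ -0,0 +1,57 @@
+# Firejail profile for youtube-viewer
+# Description: Trizen's CLI Youtube viewer with login support
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include youtube-viewer.local
+# Persistent global definitions
+include globals.local
+
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}
+
+noblacklist ${HOME}/.config/youtube-viewer
+
+include allow-perl.inc
+include allow-python2.inc
+include allow-python3.inc
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.config/youtube-viewer
+whitelist ${HOME}/.config/youtube-viewer
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+disable-mnt
+# private-bin ffmpeg,ffprobe,firefox,gtk-youtube-viewer,gtk2-youtube-viewer,gtk3-youtube-viewer,mpv,python*,smplayer,sh,which,vlc,youtube-dl,youtube-viewer
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,machine-id,mime.types,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl,X11,xdg
+private-tmp
+
+dbus-user none
+dbus-system none
\ No newline at end of file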
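Review bot: `private-bin` is left commented out with no explanation, so the profile places no restriction on which binaries are visible, while it also lifts the interpreter blacklist for Perl, Python 2 and Python 3. A one-line reason above it would tell maintainers whether this is a known breakage or an oversight, for example `# private-bin disabled: <reason to be filled in by the author>`. The file also ends without a trailing newline, as do the three gtk*-youtube-viewer redirect profiles added in this commit.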
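--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -327,6 +327,9 @@ gradio
 gramps
 gravity-beams-and-evaporating-stars
 gthumb
+gtk-youtube-viewer
+gtk2-youtube-viewer
+gtk3-youtube-viewer
 guayadeque
 gucharmap
 gummi
@@ -816,6 +819,7 @@ xviewer
 yandex-browser
 yelp
 youtube-dl
+youtube-viewer
 zaproxy
 zart
 zathura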
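--- a/src/firejail/arp.c
+++ b/src/firejail/arp.c
@@ -239,9 +239,7 @@ int arp_check(const char *dev, uint32_t destaddr) {
 }
 }
 
-// it will never get here!
-close(sock);
-return -1;
+__builtin_unreachable();
 }
 
 // assign a random IP address and check it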
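Review bot: `__builtin_unreachable()` at the end of arp_check replaces a defined fallback (`close(sock); return -1;`) with undefined behaviour if control ever reaches that point, for instance after a later edit adds a `break` to the code above, which lies outside this hunk. A hard stop keeps the failure defined and visible: `abort();` in place of the builtin. The same substitution is made in join.c, main.c and at the end of procevent_monitor in procevent.c. In join.c and main.c the preceding call is already declared noreturn in firejail.h, so the builtin adds nothing there.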
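--- a/src/firejail/chroot.c
+++ b/src/firejail/chroot.c
@@ -165,7 +165,8 @@ void fs_chroot(const char *rootdir) {
 close(fd);
 
 // x11
-if (getenv("FIREJAIL_X11")) {
+// if users want this mount, they should set FIREJAIL_CHROOT_X11
+if (getenv("FIREJAIL_X11") || getenv("FIREJAIL_CHROOT_X11")) {
 if (arg_debug)
 printf("Mounting /tmp/.X11-unix on chroot /tmp/.X11-unix\n");
 check_subdir(parentfd, "tmp/.X11-unix", 0);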
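Review bot: The new test `getenv("FIREJAIL_CHROOT_X11")` is a presence check, so an empty value or `FIREJAIL_CHROOT_X11=0` also enables the /tmp/.X11-unix mount inside the chroot. Since this variable is the user-facing opt-in for exposing the X11 socket directory, the comment should say what it grants, e.g. `// opt-in: any value of FIREJAIL_CHROOT_X11, even empty, makes /tmp/.X11-unix available inside the chroot`. Alternatively the code could require a non-empty value. fs_chroot starts and ends outside the hunk.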
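--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -371,14 +371,14 @@ char *guess_shell(void);
 
 // sandbox.c
 int sandbox(void* sandbox_arg);
-void start_application(int no_sandbox, FILE *fp);
+void start_application(int no_sandbox, FILE *fp) __attribute__((noreturn));
 void set_apparmor(void);
 
 // network_main.c
 void net_configure_sandbox_ip(Bridge *br);
 void net_configure_veth_pair(Bridge *br, const char *ifname, pid_t child);
 void net_check_cfg(void);
-void net_dns_print(pid_t pid);
+void net_dns_print(pid_t pid) __attribute__((noreturn));
 void network_main(pid_t child);
 void net_print(pid_t pid);
 
@@ -453,13 +453,12 @@ void profile_add_ignore(const char *str);
 void list(void);
 void tree(void);
 void top(void);
-void netstats(void);
 
 // usage.c
 void usage(void);
 
 // join.c
-void join(pid_t pid, int argc, char **argv, int index);
+void join(pid_t pid, int argc, char **argv, int index) __attribute__((noreturn));
 bool is_ready_for_join(const pid_t pid);
 void check_join_permission(pid_t pid);
 pid_t switch_to_child(pid_t pid);
@@ -486,7 +485,7 @@ int macro_id(const char *name);
 
 
 // util.c
-void errLogExit(char* fmt, ...);
+void errLogExit(char* fmt, ...) __attribute__((noreturn));
 void fwarning(char* fmt, ...);
 void fmessage(char* fmt, ...);
 void drop_privs(int nogroups);
@@ -584,7 +583,7 @@ int seccomp_load(const char *fname);
 int seccomp_filter_drop(bool native);
 int seccomp_filter_keep(bool native);
 int seccomp_filter_mdwx(bool native);
-void seccomp_print_filter(pid_t pid);
+void seccomp_print_filter(pid_t pid) __attribute__((noreturn));
 
 // caps.c
 void seccomp_load_file_list(void);
@@ -595,7 +594,7 @@ void caps_set(uint64_t caps);
 void caps_check_list(const char *clist, void (*callback)(int));
 void caps_drop_list(const char *clist);
 void caps_keep_list(const char *clist);
-void caps_print_filter(pid_t pid);
+void caps_print_filter(pid_t pid) __attribute__((noreturn));
 void caps_drop_dac_override(void);
 
 // fs_trace.c
@@ -618,7 +617,7 @@ void read_cpu_list(const char *str);
 void set_cpu_affinity(void);
 void load_cpu(const char *fname);
 void save_cpu(void);
-void cpu_print_filter(pid_t pid);
+void cpu_print_filter(pid_t pid) __attribute__((noreturn));
 
 // cgroup.c
 void save_cgroup(void);
@@ -640,7 +639,7 @@ void netns(const char *nsname);
 void netns_mounts(const char *nsname);
 
 // bandwidth.c
-void bandwidth_pid(pid_t pid, const char *command, const char *dev, int down, int up);
+void bandwidth_pid(pid_t pid, const char *command, const char *dev, int down, int up) __attribute__((noreturn));
 void network_set_run_file(pid_t pid);
 
 // fs_etc.c
@@ -650,7 +649,7 @@ void fs_private_dir_list(const char *private_dir, const char *private_run_dir, c
 // no_sandbox.c
 int check_namespace_virt(void);
 int check_kernel_procs(void);
-void run_no_sandbox(int argc, char **argv);
+void run_no_sandbox(int argc, char **argv) __attribute__((noreturn));
 
 #define MAX_ENVS 256 // some sane maximum number of environment variables
 #define MAX_ENV_LEN (PATH_MAX + 32) // FOOBAR=SOME_PATH
@@ -681,7 +680,7 @@ void fs_private_lib(void);
 // protocol.c
 void protocol_filter_save(void);
 void protocol_filter_load(const char *fname);
-void protocol_print_filter(pid_t pid);
+void protocol_print_filter(pid_t pid) __attribute__((noreturn));
 
 // restrict_users.c
 void restrict_users(void);
@@ -693,7 +692,7 @@ void fs_logger2int(const char *msg1, int d);
 void fs_logger3(const char *msg1, const char *msg2, const char *msg3);
 void fs_logger_print(void);
 void fs_logger_change_owner(void);
-void fs_logger_print_log(pid_t pid);
+void fs_logger_print_log(pid_t pid) __attribute__((noreturn));
 
 // run_symlink.c
 void run_symlink(int argc, char **argv, int run_as_is);
@@ -719,11 +718,11 @@ void fs_mkfile(const char *name);
 
 void fs_x11(void);
 int x11_display(void);
-void x11_start(int argc, char **argv);
-void x11_start_xpra(int argc, char **argv);
-void x11_start_xephyr(int argc, char **argv);
+void x11_start(int argc, char **argv) __attribute__((noreturn));
+void x11_start_xpra(int argc, char **argv) __attribute__((noreturn));
+void x11_start_xephyr(int argc, char **argv) __attribute__((noreturn));
 void x11_block(void);
-void x11_start_xvfb(int argc, char **argv);
+void x11_start_xvfb(int argc, char **argv) __attribute__((noreturn));
 void x11_xorg(void);
 
 // ls.c
@@ -733,7 +732,7 @@ enum {
 SANDBOX_FS_PUT,
 SANDBOX_FS_MAX // this should always be the last entry
 };
-void sandboxfs(int op, pid_t pid, const char *path1, const char *path2);
+void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) __attribute__((noreturn));
 
 // checkcfg.c
 #define DEFAULT_ARP_PROBES 2
@@ -839,7 +838,7 @@ void build_appimage_cmdline(char **command_line, char **window_title, int argc,
 // run sbox
 int sbox_run(unsigned filter, int num, ...);
 int sbox_run_v(unsigned filter, char * const arg[]);
-void sbox_exec_v(unsigned filter, char * const arg[]);
+void sbox_exec_v(unsigned filter, char * const arg[]) __attribute__((noreturn));
 
 // run_files.c
 void delete_run_files(pid_t pid);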
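--- a/src/firejail/join.c
+++ b/src/firejail/join.c
@@ -588,7 +588,7 @@ void join(pid_t pid, int argc, char **argv, int index) {
 
 start_application(0, NULL);
 
-// it will never get here!!!
+__builtin_unreachable();
 }
 EUID_USER();
 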
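--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1159,8 +1159,7 @@ int main(int argc, char **argv, char **envp) {
 
 // start the program directly without sandboxing
 run_no_sandbox(argc, argv);
-// it will never get here!
-assert(0);
+__builtin_unreachable();
 }
 }
 EUID_ASSERT();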
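--- a/src/firejail/output.c
+++ b/src/firejail/output.c
@@ -30,6 +30,12 @@ void check_output(int argc, char **argv) {
 int enable_stderr = 0;
 
 for (i = 1; i < argc; i++) {
+if (strncmp(argv[i], "--", 2) != 0) {
+return;
+}
+if (strcmp(argv[i], "--") == 0) {
+return;
+}
 if (strncmp(argv[i], "--output=", 9) == 0) {
 outindex = i;
 break;
@@ -71,38 +77,67 @@ void check_output(int argc, char **argv) {
 }
 }
 
-// build the new command line
-int len = 0;
-for (i = 0; i < argc; i++) {
-len += strlen(argv[i]) + 1; // + ' '
+int pipefd[2];
+if (pipe(pipefd) == -1) {
+errExit("pipe");
 }
-len += 100 + strlen(LIBDIR) + strlen(outfile); // tee command
 
-char *cmd = malloc(len + 1); // + '\0'
-if (!cmd)
-errExit("malloc");
+pid_t pid = fork();
+if (pid == -1) {
+errExit("fork");
+} else if (pid == 0) {
+/* child */
+if (dup2(pipefd[0], STDIN_FILENO) == -1) {
+errExit("dup2");
+}
+close(pipefd[1]);
+if (pipefd[0] != STDIN_FILENO) {
+close(pipefd[0]);
+}
 
-char *ptr = cmd;
-for (i = 0; i < argc; i++) {
-if (strncmp(argv[i], "--output=", 9) == 0)
-continue;
-if (strncmp(argv[i], "--output-stderr=", 16) == 0)
-continue;
-ptr += sprintf(ptr, "%s ", argv[i]);
+char *args[3];
+args[0] = LIBDIR "/firejail/ftee";
+args[1] = outfile;
+args[2] = NULL;
+execv(args[0], args);
+perror("execvp");
+exit(1);
 }
 
-if (enable_stderr)
-sprintf(ptr, "2>&1 | %s/firejail/ftee %s", LIBDIR, outfile);
-else
-sprintf(ptr, " | %s/firejail/ftee %s", LIBDIR, outfile);
+/* parent */
+if (dup2(pipefd[1], STDOUT_FILENO) == -1) {
+errExit("dup2");
+}
+if (enable_stderr && dup2(STDOUT_FILENO, STDERR_FILENO) == -1) {
+errExit("dup2");
+}
+close(pipefd[0]);
+if (pipefd[1] != STDOUT_FILENO) {
+close(pipefd[1]);
+}
 
-// run command
-char *a[4];
-a[0] = "/bin/bash";
-a[1] = "-c";
-a[2] = cmd;
-a[3] = NULL;
-execvp(a[0], a);
+char **args = calloc(argc + 1, sizeof(char *));
+if (!args) {
+errExit("calloc");
+}
+bool found_separator = false;
+/* copy argv into args, but drop --output(-stderr) arguments */
+int j;
+for (i = 0, j = 0; i < argc; i++) {
+if (!found_separator && i > 0) {
+if (strncmp(argv[i], "--output=", 9) == 0) {
+continue;
+}
+if (strncmp(argv[i], "--output-stderr=", 16) == 0) {
+continue;
+}
+if (strncmp(argv[i], "--", 2) != 0 || strcmp(argv[i], "--") == 0) {
+found_separator = true;
+}
+}
+args[j++] = argv[i];
+}
+execvp(args[0], args);
 
 perror("execvp");
 exit(1);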
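Review bot: In the forked child of the second hunk, a failed `execv` is reported as `perror("execvp")` and then leaves through `exit(1)`, which runs atexit handlers and flushes stdio buffers inherited from the parent; `perror("execv"); _exit(1);` is the safer pair. The parent then re-executes `args[0]`, which is the caller-supplied `argv[0]` resolved through PATH by `execvp`. Whether that is acceptable depends on the effective uid at this point, which the hunk does not show, so a comment stating the privilege assumption would help. The end-of-options test is also written twice, in the scan loop of the first hunk and in the copy loop here, and the two must stay in agreement for the `--` handling to hold, so a small shared helper would be worth having. check_output begins and ends outside both hunks.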
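--- a/src/firejail/protocol.c
+++ b/src/firejail/protocol.c
@@ -90,7 +90,7 @@ void protocol_print_filter(pid_t pid) {
 exit(0);
 #else
 fwarning("--protocol not supported on this platform\n");
-return;
+exit(1);
 #endif
 }
 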
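--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -666,7 +666,8 @@ int sandbox(void* sandbox_arg) {
 // ... and mount a tmpfs on top of /run/firejail/mnt directory
 preproc_mount_mnt_dir();
 // bind-mount firejail binaries and helper programs
-if (mount(LIBDIR "/firejail", RUN_FIREJAIL_LIB_DIR, "none", MS_BIND, NULL) < 0)
+if (mount(LIBDIR "/firejail", RUN_FIREJAIL_LIB_DIR, NULL, MS_BIND, NULL) < 0 ||
+mount(NULL, RUN_FIREJAIL_LIB_DIR, NULL, MS_RDONLY|MS_NOSUID|MS_NODEV|MS_BIND|MS_REMOUNT, NULL) < 0)
 errExit("mounting " RUN_FIREJAIL_LIB_DIR);
 
 //****************************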
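Review bot: The added second `mount()` call has no comment explaining why the restrictive flags are applied in a separate remount. On Linux the initial MS_BIND call ignores the other mount flags, so MS_RDONLY|MS_NOSUID|MS_NODEV only take effect through the MS_BIND|MS_REMOUNT call. I would add `// a bind mount ignores other flags; remount to make the helper directory read-only, nosuid and nodev` above the condition so the second call is not later removed as redundant. Both failures also share one `errExit("mounting " RUN_FIREJAIL_LIB_DIR)` message, so a failed remount cannot be told apart from a failed bind. sandbox() continues outside the hunk.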
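--- a/src/firejail/sbox.c
+++ b/src/firejail/sbox.c
@@ -31,7 +31,7 @@
 #define O_PATH 010000000
 #endif
 
-static int sbox_do_exec_v(unsigned filtermask, char * const arg[]) {
+static int __attribute__((noreturn)) sbox_do_exec_v(unsigned filtermask, char * const arg[]) {
 // build a new, clean environment
 int env_index = 0;
 char *new_environment[256] = { NULL };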
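Review bot: `sbox_do_exec_v` is now `__attribute__((noreturn))` but keeps its `int` return type, which is contradictory because a noreturn function can never deliver that value. If no caller uses the result (the callers are outside the hunk), the declaration should become `static void __attribute__((noreturn)) sbox_do_exec_v(unsigned filtermask, char * const arg[]) {`, matching how procevent_monitor was converted in this commit. The function body continues past the end of the hunk, so any remaining `return` statements would need the same treatment.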
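--- a/src/firejail/x11.c
+++ b/src/firejail/x11.c
@@ -682,7 +682,7 @@ static char * get_title_arg_str() {
 }
 
 
-void x11_start_xpra_old(int argc, char **argv, int display, char *display_str) {
+static void __attribute__((noreturn)) x11_start_xpra_old(int argc, char **argv, int display, char *display_str) {
 EUID_ASSERT();
 int i;
 struct stat s;
@@ -921,7 +921,7 @@ void x11_start_xpra_old(int argc, char **argv, int display, char *display_str) {
 }
 
 
-void x11_start_xpra_new(int argc, char **argv, char *display_str) {
+static void __attribute__((noreturn)) x11_start_xpra_new(int argc, char **argv, char *display_str) {
 EUID_ASSERT();
 int i;
 pid_t server = 0;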
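--- a/src/firemon/firemon.h
+++ b/src/firemon/firemon.h
@@ -46,13 +46,13 @@ void firemon_sleep(int st);
 
 
 // procevent.c
-void procevent(pid_t pid);
+void procevent(pid_t pid) __attribute__((noreturn));
 
 // usage.c
 void usage(void);
 
 // top.c
-void top(void);
+void top(void) __attribute__((noreturn));
 
 // list.c
 void list(void);
@@ -82,7 +82,7 @@ void cgroup(pid_t pid, int print_procs);
 void tree(pid_t pid);
 
 // netstats.c
-void netstats(void);
+void netstats(void) __attribute__((noreturn));
 
 // x11.c
 void x11(pid_t pid, int print_procs);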
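--- a/src/firemon/procevent.c
+++ b/src/firemon/procevent.c
@@ -220,7 +220,7 @@ errexit:
 }
 
 
-static int procevent_monitor(const int sock, pid_t mypid) {
+static void __attribute__((noreturn)) procevent_monitor(const int sock, pid_t mypid) {
 ssize_t len;
 struct nlmsghdr *nlmsghdr;
 
@@ -246,8 +246,7 @@ static int procevent_monitor(const int sock, pid_t mypid) {
 
 int rv = select(max, &readfds, NULL, NULL, &tv);
 if (rv == -1) {
-fprintf(stderr, "recv: %s\n", strerror(errno));
-return -1;
+errExit("recv");
 }
 
 // timeout
@@ -259,7 +258,7 @@ static int procevent_monitor(const int sock, pid_t mypid) {
 
 
 if ((len = recv(sock, buf, sizeof(buf), 0)) == 0)
-return 0;
+exit(0);
 if (len == -1) {
 if (errno == EINTR)
 continue;
@@ -271,7 +270,7 @@ static int procevent_monitor(const int sock, pid_t mypid) {
 }
 else {
 fprintf(stderr,"Error: rx socket recv call, errno %d, %s\n", errno, strerror(errno));
-return -1;
+exit(1);
 }
 }
 
@@ -497,7 +496,7 @@ static int procevent_monitor(const int sock, pid_t mypid) {
 exit(0);
 }
 }
-return 0;
+__builtin_unreachable();
 }
 
 void procevent(pid_t pid) {
@@ -515,6 +514,4 @@ void procevent(pid_t pid) {
 }
 
 procevent_monitor(sock, pid); // it will never return from here
-assert(0);
-close(sock); // quiet static analyzers
 }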
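Review bot: In the second hunk the failure branch of `select()` now calls `errExit("recv")`, carrying over the wrong label from the message it replaces; it should read `errExit("select");` so the diagnostic names the call that actually failed. This matters more now that the branch terminates the monitor instead of returning -1 to procevent. procevent_monitor spans several hunks and its loop is only partly visible here.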
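--- a/src/include/syscall.h
+++ b/src/include/syscall.h
@@ -32,7 +32,7 @@ void filter_add_blacklist_override(int fd, int syscall, int arg, void *ptrarg, b
 // errno.c
 void errno_print(void);
 int errno_find_name(const char *name);
-char *errno_find_nr(int nr);
+const char *errno_find_nr(int nr);
 
 // syscall.c
 void syscall_print(void);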
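--- a/src/lib/errno.c
+++ b/src/lib/errno.c
@@ -183,7 +183,7 @@ int errno_find_name(const char *name) {
 return -1;
 }
 
-char *errno_find_nr(int nr) {
+const char *errno_find_nr(int nr) {
 int i;
 int elems = sizeof(errnolist) / sizeof(errnolist[0]);
 for (i = 0; i < elems; i++) {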