-rw-r--r-- | RELNOTES | 4 | ||||
-rw-r--r-- | src/firejail/bandwidth.c | 1 | ||||
-rw-r--r-- | src/firejail/fs_bin.c | 1 | ||||
-rw-r--r-- | src/firejail/fs_etc.c | 1 | ||||
-rw-r--r-- | src/firejail/netfilter.c | 3 | ||||
-rw-r--r-- | src/firejail/run_symlink.c | 1 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 16 | ||||
-rw-r--r-- | src/firejail/sbox.c | 1 | ||||
-rw-r--r-- | src/firejail/x11.c | 13 |
9 files changed, 31 insertions, 10 deletions
@@ -2,8 +2,10 @@ firejail (0.9.45) baseline; urgency=low | |||
2 | * development version, work in progress | 2 | * development version, work in progress |
3 | * security: overwrite /etc/resolv.conf found by Martin Carpenter | 3 | * security: overwrite /etc/resolv.conf found by Martin Carpenter |
4 | * secuirty: TOCTOU exploit for --get and --put found by Daniel Hodson | 4 | * secuirty: TOCTOU exploit for --get and --put found by Daniel Hodson |
5 | * security: invalid environment exploit found by Martin Carpener | ||
6 | * security: split most of networking code in a separate executable | ||
7 | * security: split seccomp filter code code in a separate executable | ||
5 | * feature: allow root user access to /dev/shm (--noblacklist=/dev/shm) | 8 | * feature: allow root user access to /dev/shm (--noblacklist=/dev/shm) |
6 | * feature: split most of networking code in a separate executable | ||
7 | * new profiles: xiphos, Tor Browser Bundle, display (imagemagik), Wire | 9 | * new profiles: xiphos, Tor Browser Bundle, display (imagemagik), Wire |
8 | * bugfixes | 10 | * bugfixes |
9 | -- netblue30 <netblue30@yahoo.com> Sun, 23 Oct 2016 08:00:00 -0500 | 11 | -- netblue30 <netblue30@yahoo.com> Sun, 23 Oct 2016 08:00:00 -0500 |
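--- a/src/firejail/bandwidth.c
+++ b/src/firejail/bandwidth.c
@@ -462,6 +462,7 @@ void bandwidth_pid(pid_t pid, const char *command, const char *dev, int down, in
 arg[1] = "-c";
 arg[2] = cmd;
 arg[3] = NULL;
+assert(getenv("LD_PRELOAD") == NULL);
 execvp(arg[0], arg);
 
 // it will never get here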
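Review bot: The new `assert(getenv("LD_PRELOAD") == NULL);` placed before execvp() is compiled out entirely when the tree is built with NDEBUG, so in such a build the guard does nothing and the exec proceeds with whatever environment the process carries; the same pattern is added in fs_bin.c, fs_etc.c, run_symlink.c, sbox.c, sandbox.c and x11.c. If the check is meant as a security boundary rather than a debugging aid, make it unconditional and fail closed, e.g. `if (getenv("LD_PRELOAD")) { fprintf(stderr, "Error: LD_PRELOAD set before exec\n"); _exit(1); }`. Inspecting a single variable also leaves the other loader-controlled variables such as LD_LIBRARY_PATH and LD_AUDIT unexamined; clearing the environment the way netfilter.c does with `environ = NULL`, or passing an explicit envp to execve(), would be the more complete fix. bandwidth_pid() starts outside the hunk.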
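--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -191,6 +191,7 @@ static void duplicate(char *fname) {
 char *f;
 if (asprintf(&f, "%s/%s", RUN_BIN_DIR, fname) == -1)
 errExit("asprintf");
+assert(getenv("LD_PRELOAD") == NULL);
 execlp(RUN_CP_COMMAND, RUN_CP_COMMAND, "-a", actual_path, f, NULL);
 perror("execlp");
 _exit(1);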
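--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -105,6 +105,7 @@ static void duplicate(char *fname) {
 char *f;
 if (asprintf(&f, "/etc/%s", fname) == -1)
 errExit("asprintf");
+assert(getenv("LD_PRELOAD") == NULL);
 execlp(RUN_CP_COMMAND, RUN_CP_COMMAND, "-a", "--parents", f, RUN_MNT_DIR, NULL);
 perror("execlp");
 _exit(1);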
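--- a/src/firejail/netfilter.c
+++ b/src/firejail/netfilter.c
@@ -144,6 +144,7 @@ void netfilter(const char *fname) {
 
 // wipe out environment variables
 environ = NULL;
+assert(getenv("LD_PRELOAD") == NULL);
 execl(iptables_restore, iptables_restore, NULL);
 perror("execl");
 _exit(1);
@@ -163,6 +164,7 @@ void netfilter(const char *fname) {
 if (setregid(0, 0))
 errExit("setregid");
 environ = NULL;
+assert(getenv("LD_PRELOAD") == NULL);
 execl(iptables, iptables, "-vL", NULL);
 perror("execl");
 _exit(1);
@@ -257,6 +259,7 @@ void netfilter6(const char *fname) {
 
 // wipe out environment variables
 environ = NULL;
+assert(getenv("LD_PRELOAD") == NULL);
 execl(ip6tables_restore, ip6tables_restore, NULL);
 perror("execl");
 _exit(1);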
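Review bot: The assert added at new line 147 (and likewise at 167 and 262) sits directly after `environ = NULL;`, so with glibc `getenv("LD_PRELOAD")` can only return NULL at that point and the check cannot fail; it records intent but verifies nothing. The assignment itself is the guarantee here, so a comment such as `// environ was cleared above: the exec inherits an empty environment` conveys the same thing without a dead assert, or the `execl` calls could become execve() with an explicit NULL envp so the empty environment is visible in the call itself. Both netfilter() and netfilter6() continue outside these hunks.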
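--- a/src/firejail/run_symlink.c
+++ b/src/firejail/run_symlink.c
@@ -106,6 +106,7 @@ void run_symlink(int argc, char **argv) {
 a[i + 2] = argv[i + 1];
 }
 a[i + 2] = NULL;
+assert(getenv("LD_PRELOAD") == NULL);
 execvp(a[0], a);
 
 perror("execvp");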
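--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -260,6 +260,7 @@ void start_audit(void) {
 char *audit_prog;
 if (asprintf(&audit_prog, "%s/firejail/faudit", LIBDIR) == -1)
 errExit("asprintf");
+assert(getenv("LD_PRELOAD") == NULL);
 execl(audit_prog, audit_prog, NULL);
 perror("execl");
 exit(1);
@@ -268,6 +269,15 @@ void start_audit(void) {
 void start_application(void) {
 //if (setsid() == -1)
 //errExit("setsid");
+
+// set environment
+env_defaults();
+env_apply();
+if (arg_debug) {
+printf("starting application\n");
+printf("LD_PRELOAD=%s\n", getenv("LD_PRELOAD"));
+}
+
 //****************************************
 // audit
 //****************************************
@@ -787,12 +797,6 @@ assert(0);
 }
 }
 
-// set environment
-env_defaults();
-
-// set user-supplied environment variables
-env_apply();
-
 // set nice
 if (arg_nice) {
 errno = 0;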
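Review bot: `printf("LD_PRELOAD=%s\n", getenv("LD_PRELOAD"));` at new line 278 passes a possibly-NULL pointer to `%s`, which is undefined behaviour (glibc happens to print "(null)", other libcs may crash); guard it with `const char *lp = getenv("LD_PRELOAD"); printf("LD_PRELOAD=%s\n", lp ? lp : "");`. Moving env_defaults()/env_apply() into start_application() also means user-supplied variables are now applied before the audit section that follows at line 281; if start_audit() is reached from there, its new `assert(getenv("LD_PRELOAD") == NULL)` at line 263 would abort on a sandbox started with `--env=LD_PRELOAD=...` instead of rejecting the option with a message, so the intended ordering is worth confirming. The deleted comment `// set user-supplied environment variables` was not carried to the new location; restoring it above `env_apply();` keeps the two calls distinguishable. start_application() continues outside the hunk.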
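--- a/src/firejail/sbox.c
+++ b/src/firejail/sbox.c
@@ -165,6 +165,7 @@ int sbox_run(unsigned filter, int num, ...) {
 else if (filter & SBOX_USER)
 drop_privs(1);
 
+assert(getenv("LD_PRELOAD") == NULL);
 if (arg[0]) // get rid of scan-build warning
 execvp(arg[0], arg);
 else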
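--- a/src/firejail/x11.c
+++ b/src/firejail/x11.c
@@ -311,7 +311,8 @@ void x11_start_xephyr(int argc, char **argv) {
 if (server == 0) {
 if (arg_debug)
 printf("Starting xephyr...\n");
 
+assert(getenv("LD_PRELOAD") == NULL);
 execvp(server_argv[0], server_argv);
 perror("execvp");
 _exit(1);
@@ -353,6 +354,7 @@ void x11_start_xephyr(int argc, char **argv) {
 if (!arg_quiet)
 printf("\n*** Attaching to Xephyr display %d ***\n\n", display);
 
+assert(getenv("LD_PRELOAD") == NULL);
 execvp(jail_argv[0], jail_argv);
 perror("execvp");
 _exit(1);
@@ -432,6 +434,7 @@ void x11_start_xpra(int argc, char **argv) {
 dup2(fd_null,2);
 }
 
+assert(getenv("LD_PRELOAD") == NULL);
 execvp(server_argv[0], server_argv);
 perror("execvp");
 _exit(1);
@@ -478,6 +481,7 @@ void x11_start_xpra(int argc, char **argv) {
 if (!arg_quiet)
 printf("\n*** Attaching to xpra display %d ***\n\n", display);
 
+assert(getenv("LD_PRELOAD") == NULL);
 execvp(attach_argv[0], attach_argv);
 perror("execvp");
 _exit(1);
@@ -508,6 +512,7 @@ void x11_start_xpra(int argc, char **argv) {
 if (jail < 0)
 errExit("fork");
 if (jail == 0) {
+assert(getenv("LD_PRELOAD") == NULL);
 if (firejail_argv[0]) // shut up llvm scan-build
 execvp(firejail_argv[0], firejail_argv);
 perror("execvp");
@@ -534,6 +539,7 @@ void x11_start_xpra(int argc, char **argv) {
 dup2(fd_null,1);
 dup2(fd_null,2);
 }
+assert(getenv("LD_PRELOAD") == NULL);
 execvp(stop_argv[0], stop_argv);
 perror("execvp");
 _exit(1);
@@ -664,11 +670,12 @@ void x11_xorg(void) {
 errExit("setreuid");
 if (setregid(0, 0) < 0)
 errExit("setregid");
 
 char *display = getenv("DISPLAY");
 if (!display)
 display = ":0.0";
 
+assert(getenv("LD_PRELOAD") == NULL);
 execlp("/usr/bin/xauth", "/usr/bin/xauth", "-f", RUN_XAUTHORITY_SEC_FILE,
 "generate", display, "MIT-MAGIC-COOKIE-1", "untrusted", NULL);
 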