diff options
-rw-r--r-- | src/firejail/firejail.h | 3 | ||||
-rw-r--r-- | src/firejail/fs.c | 13 | ||||
-rw-r--r-- | src/firejail/paths.c | 98 | ||||
-rw-r--r-- | src/firejail/profile.c | 6 |
4 files changed, 112 insertions, 8 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 19c8c5eb5..a754711b1 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -509,5 +509,8 @@ void run_symlink(int argc, char **argv); | |||
509 | // user.c | 509 | // user.c |
510 | void check_user(int argc, char **argv); | 510 | void check_user(int argc, char **argv); |
511 | 511 | ||
512 | // paths.c | ||
513 | char **build_paths(void); | ||
514 | |||
512 | #endif | 515 | #endif |
513 | 516 | ||
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index a43ed3134..c3e9890b4 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
@@ -460,13 +460,14 @@ void fs_blacklist(void) { | |||
460 | if (strncmp(ptr, "${PATH}", 7) == 0) { | 460 | if (strncmp(ptr, "${PATH}", 7) == 0) { |
461 | char *fname = ptr + 7; | 461 | char *fname = ptr + 7; |
462 | size_t fname_len = strlen(fname); | 462 | size_t fname_len = strlen(fname); |
463 | char **path, *paths[] = {"/bin", "/sbin", "/usr/bin", "/usr/sbin", NULL}; | 463 | char **paths = build_paths(); //{"/bin", "/sbin", "/usr/bin", "/usr/sbin", NULL}; |
464 | for (path = &paths[0]; *path; path++) { | 464 | int i = 0; |
465 | char newname[strlen(*path) + fname_len + 1]; | 465 | while (paths[i] != NULL) { |
466 | sprintf(newname, "%s%s", *path, fname); | 466 | char *path = paths[i]; |
467 | i++; | ||
468 | char newname[strlen(path) + fname_len + 1]; | ||
469 | sprintf(newname, "%s%s", path, fname); | ||
467 | globbing(op, newname, (const char**)noblacklist, noblacklist_c); | 470 | globbing(op, newname, (const char**)noblacklist, noblacklist_c); |
468 | if (last_disable == SUCCESSFUL) | ||
469 | break; | ||
470 | } | 471 | } |
471 | } | 472 | } |
472 | else | 473 | else |
diff --git a/src/firejail/paths.c b/src/firejail/paths.c new file mode 100644 index 000000000..3d4b8cd8e --- /dev/null +++ b/src/firejail/paths.c | |||
@@ -0,0 +1,98 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2014-2016 Firejail Authors | ||
3 | * | ||
4 | * This file is part of firejail project | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or modify | ||
7 | * it under the terms of the GNU General Public License as published by | ||
8 | * the Free Software Foundation; either version 2 of the License, or | ||
9 | * (at your option) any later version. | ||
10 | * | ||
11 | * This program is distributed in the hope that it will be useful, | ||
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
14 | * GNU General Public License for more details. | ||
15 | * | ||
16 | * You should have received a copy of the GNU General Public License along | ||
17 | * with this program; if not, write to the Free Software Foundation, Inc., | ||
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | ||
19 | */ | ||
20 | #include "firejail.h" | ||
21 | |||
22 | static char **paths = NULL; | ||
23 | static int path_cnt = 0; | ||
24 | static char initialized = 0; | ||
25 | |||
26 | static void add_path(const char *path) { | ||
27 | assert(paths); | ||
28 | assert(path_cnt); | ||
29 | |||
30 | // filter out duplicates | ||
31 | int i; | ||
32 | int empty = 0; | ||
33 | for (i = 0; i < path_cnt; i++) { | ||
34 | if (paths[i] && strcmp(path, paths[i]) == 0) { | ||
35 | return; | ||
36 | } | ||
37 | if (!paths[i]) { | ||
38 | empty = i; | ||
39 | break; | ||
40 | } | ||
41 | } | ||
42 | |||
43 | paths[empty] = strdup(path); | ||
44 | if (!paths[empty]) | ||
45 | errExit("strdup"); | ||
46 | } | ||
47 | |||
48 | char **build_paths(void) { | ||
49 | if (initialized) { | ||
50 | assert(paths); | ||
51 | return paths; | ||
52 | } | ||
53 | initialized = 1; | ||
54 | |||
55 | int cnt = 5; // 4 default paths + 1 NULL to end the array | ||
56 | char *path1 = getenv("PATH"); | ||
57 | if (path1) { | ||
58 | char *path2 = strdup(path1); | ||
59 | if (!path2) | ||
60 | errExit("strdup"); | ||
61 | |||
62 | // use path2 to count the entries | ||
63 | char *ptr = strtok(path2, ":"); | ||
64 | while (ptr) { | ||
65 | cnt++; | ||
66 | ptr = strtok(NULL, ":"); | ||
67 | } | ||
68 | free(path2); | ||
69 | path_cnt = cnt; | ||
70 | |||
71 | // allocate paths array | ||
72 | paths = malloc(sizeof(char *) * cnt); | ||
73 | if (!paths) | ||
74 | errExit("malloc"); | ||
75 | memset(paths, 0, sizeof(char *) * cnt); | ||
76 | |||
77 | // add default paths | ||
78 | add_path("/bin"); | ||
79 | add_path("/sbin"); | ||
80 | add_path("/usr/bin"); | ||
81 | add_path("/usr/sbin"); | ||
82 | |||
83 | path2 = strdup(path1); | ||
84 | if (!path2) | ||
85 | errExit("strdup"); | ||
86 | |||
87 | // use path2 to count the entries | ||
88 | ptr = strtok(path2, ":"); | ||
89 | while (ptr) { | ||
90 | cnt++; | ||
91 | add_path(ptr); | ||
92 | ptr = strtok(NULL, ":"); | ||
93 | } | ||
94 | free(path2); | ||
95 | } | ||
96 | |||
97 | return paths; | ||
98 | } | ||
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 5acbbec38..70ec360ce 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -533,8 +533,10 @@ void profile_read(const char *fname) { | |||
533 | // verify syntax, exit in case of error | 533 | // verify syntax, exit in case of error |
534 | if (profile_check_line(ptr, lineno, fname)) | 534 | if (profile_check_line(ptr, lineno, fname)) |
535 | profile_add(ptr); | 535 | profile_add(ptr); |
536 | else | 536 | // we cannot free ptr here, data is extracted from ptr and linked as a pointer in cfg structure |
537 | free(ptr); | 537 | // else { |
538 | // free(ptr); | ||
539 | // } | ||
538 | } | 540 | } |
539 | fclose(fp); | 541 | fclose(fp); |
540 | } | 542 | } |