diff options
| -rw-r--r-- | src/firejail/env.c | 2 | ||||
| -rw-r--r-- | src/firejail/firejail.h | 1 | ||||
| -rw-r--r-- | src/firejail/main.c | 47 | ||||
| -rw-r--r-- | src/firejail/no_sandbox.c | 2 | ||||
| -rw-r--r-- | src/firejail/profile.c | 2 |
5 files changed, 12 insertions, 42 deletions
diff --git a/src/firejail/env.c b/src/firejail/env.c index 963288459..548e8102d 100644 --- a/src/firejail/env.c +++ b/src/firejail/env.c | |||
| @@ -119,7 +119,7 @@ void env_defaults(void) { | |||
| 119 | // env_store_name_val("MOZ_NO_REMOTE, "1", SETENV); | 119 | // env_store_name_val("MOZ_NO_REMOTE, "1", SETENV); |
| 120 | env_store_name_val("container", "firejail", SETENV); // LXC sets container=lxc, | 120 | env_store_name_val("container", "firejail", SETENV); // LXC sets container=lxc, |
| 121 | if (!cfg.shell) | 121 | if (!cfg.shell) |
| 122 | cfg.shell = guess_shell(); | 122 | cfg.shell = cfg.usershell; |
| 123 | if (cfg.shell) | 123 | if (cfg.shell) |
| 124 | env_store_name_val("SHELL", cfg.shell, SETENV); | 124 | env_store_name_val("SHELL", cfg.shell, SETENV); |
| 125 | 125 | ||
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 19cbacc01..325524379 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
| @@ -154,6 +154,7 @@ typedef struct config_t { | |||
| 154 | // user data | 154 | // user data |
| 155 | char *username; | 155 | char *username; |
| 156 | char *homedir; | 156 | char *homedir; |
| 157 | char *usershell; | ||
| 157 | 158 | ||
| 158 | // filesystem | 159 | // filesystem |
| 159 | ProfileEntry *profile; | 160 | ProfileEntry *profile; |
diff --git a/src/firejail/main.c b/src/firejail/main.c index 8bfff4e68..2a68dc806 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -245,6 +245,9 @@ static void init_cfg(int argc, char **argv) { | |||
| 245 | cfg.username = strdup(pw->pw_name); | 245 | cfg.username = strdup(pw->pw_name); |
| 246 | if (!cfg.username) | 246 | if (!cfg.username) |
| 247 | errExit("strdup"); | 247 | errExit("strdup"); |
| 248 | cfg.usershell = strdup(pw->pw_shell); | ||
| 249 | if (!cfg.usershell) | ||
| 250 | errExit("strdup"); | ||
| 248 | 251 | ||
| 249 | // check user database | 252 | // check user database |
| 250 | if (!firejail_user_check(cfg.username)) { | 253 | if (!firejail_user_check(cfg.username)) { |
| @@ -801,7 +804,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
| 801 | } | 804 | } |
| 802 | 805 | ||
| 803 | if (!cfg.shell && !arg_shell_none) | 806 | if (!cfg.shell && !arg_shell_none) |
| 804 | cfg.shell = guess_shell(); | 807 | cfg.shell = cfg.usershell; |
| 805 | 808 | ||
| 806 | // join sandbox by pid or by name | 809 | // join sandbox by pid or by name |
| 807 | pid_t pid = require_pid(argv[i] + 7); | 810 | pid_t pid = require_pid(argv[i] + 7); |
| @@ -830,7 +833,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
| 830 | pid_t pid; | 833 | pid_t pid; |
| 831 | if (!read_pid(argv[i] + 16, &pid)) { | 834 | if (!read_pid(argv[i] + 16, &pid)) { |
| 832 | if (!cfg.shell && !arg_shell_none) | 835 | if (!cfg.shell && !arg_shell_none) |
| 833 | cfg.shell = guess_shell(); | 836 | cfg.shell = cfg.usershell; |
| 834 | 837 | ||
| 835 | join(pid, argc, argv, i + 1); | 838 | join(pid, argc, argv, i + 1); |
| 836 | exit(0); | 839 | exit(0); |
| @@ -851,7 +854,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
| 851 | } | 854 | } |
| 852 | 855 | ||
| 853 | if (!cfg.shell && !arg_shell_none) | 856 | if (!cfg.shell && !arg_shell_none) |
| 854 | cfg.shell = guess_shell(); | 857 | cfg.shell = cfg.usershell; |
| 855 | 858 | ||
| 856 | // join sandbox by pid or by name | 859 | // join sandbox by pid or by name |
| 857 | pid_t pid = require_pid(argv[i] + 15); | 860 | pid_t pid = require_pid(argv[i] + 15); |
| @@ -871,7 +874,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
| 871 | } | 874 | } |
| 872 | 875 | ||
| 873 | if (!cfg.shell && !arg_shell_none) | 876 | if (!cfg.shell && !arg_shell_none) |
| 874 | cfg.shell = guess_shell(); | 877 | cfg.shell = cfg.usershell; |
| 875 | 878 | ||
| 876 | // join sandbox by pid or by name | 879 | // join sandbox by pid or by name |
| 877 | pid_t pid = require_pid(argv[i] + 18); | 880 | pid_t pid = require_pid(argv[i] + 18); |
| @@ -889,40 +892,6 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
| 889 | 892 | ||
| 890 | } | 893 | } |
| 891 | 894 | ||
| 892 | char *guess_shell(void) { | ||
| 893 | const char *shell; | ||
| 894 | char *retval; | ||
| 895 | |||
| 896 | shell = env_get("SHELL"); | ||
| 897 | if (shell) { | ||
| 898 | invalid_filename(shell, 0); // no globbing | ||
| 899 | if (access(shell, X_OK) == 0 && !is_dir(shell) && strstr(shell, "..") == NULL && | ||
| 900 | strcmp(gnu_basename(shell), "firejail") != 0) | ||
| 901 | goto found; | ||
| 902 | } | ||
| 903 | |||
| 904 | // shells in order of preference | ||
| 905 | static const char * const shells[] = {"/bin/bash", "/bin/csh", "/usr/bin/zsh", "/bin/sh", "/bin/ash", NULL }; | ||
| 906 | |||
| 907 | int i = 0; | ||
| 908 | while (shells[i] != NULL) { | ||
| 909 | // access call checks as real UID/GID, not as effective UID/GID | ||
| 910 | if (access(shells[i], X_OK) == 0) { | ||
| 911 | shell = shells[i]; | ||
| 912 | goto found; | ||
| 913 | } | ||
| 914 | i++; | ||
| 915 | } | ||
| 916 | |||
| 917 | return NULL; | ||
| 918 | |||
| 919 | found: | ||
| 920 | retval = strdup(shell); | ||
| 921 | if (!retval) | ||
| 922 | errExit("strdup"); | ||
| 923 | return retval; | ||
| 924 | } | ||
| 925 | |||
| 926 | // return argument index | 895 | // return argument index |
| 927 | static int check_arg(int argc, char **argv, const char *argument, int strict) { | 896 | static int check_arg(int argc, char **argv, const char *argument, int strict) { |
| 928 | int i; | 897 | int i; |
| @@ -2901,7 +2870,7 @@ int main(int argc, char **argv, char **envp) { | |||
| 2901 | 2870 | ||
| 2902 | // guess shell if unspecified | 2871 | // guess shell if unspecified |
| 2903 | if (!arg_shell_none && !cfg.shell) { | 2872 | if (!arg_shell_none && !cfg.shell) { |
| 2904 | cfg.shell = guess_shell(); | 2873 | cfg.shell = cfg.usershell; |
| 2905 | if (!cfg.shell) { | 2874 | if (!cfg.shell) { |
| 2906 | fprintf(stderr, "Error: unable to guess your shell, please set explicitly by using --shell option.\n"); | 2875 | fprintf(stderr, "Error: unable to guess your shell, please set explicitly by using --shell option.\n"); |
| 2907 | exit(1); | 2876 | exit(1); |
diff --git a/src/firejail/no_sandbox.c b/src/firejail/no_sandbox.c index c57d397ef..62b701c4d 100644 --- a/src/firejail/no_sandbox.c +++ b/src/firejail/no_sandbox.c | |||
| @@ -190,7 +190,7 @@ void run_no_sandbox(int argc, char **argv) { | |||
| 190 | 190 | ||
| 191 | if (prog_index == 0) { | 191 | if (prog_index == 0) { |
| 192 | // got no command, require a shell and try to execute it | 192 | // got no command, require a shell and try to execute it |
| 193 | cfg.shell = guess_shell(); | 193 | cfg.shell = cfg.usershell; |
| 194 | if (!cfg.shell) { | 194 | if (!cfg.shell) { |
| 195 | fprintf(stderr, "Error: unable to guess your shell, please set SHELL environment variable\n"); | 195 | fprintf(stderr, "Error: unable to guess your shell, please set SHELL environment variable\n"); |
| 196 | exit(1); | 196 | exit(1); |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index daa0a2e92..3a4d74317 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
| @@ -1562,7 +1562,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
| 1562 | EUID_USER(); | 1562 | EUID_USER(); |
| 1563 | if (!r) { | 1563 | if (!r) { |
| 1564 | if (!cfg.shell && !arg_shell_none) | 1564 | if (!cfg.shell && !arg_shell_none) |
| 1565 | cfg.shell = guess_shell(); | 1565 | cfg.shell = cfg.usershell; |
| 1566 | 1566 | ||
| 1567 | // find first non-option arg | 1567 | // find first non-option arg |
| 1568 | int i; | 1568 | int i; |