39 files changed, 72 insertions, 18 deletions

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000..a085e155a
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,14 @@
+*.o
+*.so
+*~
+Makefile
+config.log
+config.status
+firejail-login.5
+firejail-profile.5
+firejail.1
+firemon.1
+src/firejail/firejail
+src/firemon/firemon
+src/ftee/ftee
+
diff --git a/Makefile.in b/Makefile.in
index 6b9739524..da92ac138 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -86,6 +86,7 @@ install: all
         install -c -m 0644 etc/disable-mgmt.inc $(DESTDIR)/etc/firejail/.
         install -c -m 0644 etc/disable-secret.inc $(DESTDIR)/etc/firejail/.
         install -c -m 0644 etc/disable-common.inc $(DESTDIR)/etc/firejail/.
+        install -c -m 0644 etc/disable-history.inc $(DESTDIR)/etc/firejail/.
         install -c -m 0644 etc/dropbox.profile $(DESTDIR)/etc/firejail/.
         install -c -m 0644 etc/opera.profile $(DESTDIR)/etc/firejail/.
         install -c -m 0644 etc/thunderbird.profile $(DESTDIR)/etc/firejail/.
diff --git a/README b/README
index dde1bfcbb..4a33ebd74 100644
--- a/README
+++ b/README
@@ -24,5 +24,9 @@ Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
         - src/lib/libnetlink.c extracted from iproute2 software package
 G4JC (http://sourceforge.net/u/gaming4jc/profile/)
         - ARM support (ticket 17)
+dewbasaur (https://github.com/dewbasaur)
+        - block access to history files (issue 16)
+Peter Millerchip (https://github.com/pmillerchip)
+        - memory allocation fix (issue 13)
 
 Copyright (C) 2014, 2015 Firejail Authors
diff --git a/RELNOTES b/RELNOTES
index 379c8f1c3..4404d38f3 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,3 +1,11 @@
+firejail (0.9.29) baseline; urgency=low
+  * added a disable-history.inc profile as a result of Firefox PDF.js exploit;
+    disable-history.inc included in all default profiles
+  * added --private-etc option
+  * support ${HOME} token in include directive in profile files
+  * bugfixes
+ -- netblue30 <netblue30@yahoo.com>  Sat, 12 Aug 2015 20:25:00 -0500
+
 firejail (0.9.28) baseline; urgency=low
   * network scanning, --scan option
   * interface MAC address support, --mac option
diff --git a/etc/audacious.profile b/etc/audacious.profile
index 23f223a29..923b70184 100644
--- a/etc/audacious.profile
+++ b/etc/audacious.profile
@@ -2,6 +2,7 @@
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-history.inc
 caps.drop all
 seccomp
 noroot
diff --git a/etc/chromium.profile b/etc/chromium.profile
index 4f6e7e450..13559a5a8 100644
--- a/etc/chromium.profile
+++ b/etc/chromium.profile
@@ -2,6 +2,7 @@
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc chromium
+include /etc/firejail/disable-history.inc
 netfilter
 
 
diff --git a/etc/clementine.profile b/etc/clementine.profile
index dd855cc62..47c40506a 100644
--- a/etc/clementine.profile
+++ b/etc/clementine.profile
@@ -2,6 +2,7 @@
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-history.inc
 caps.drop all
 seccomp
 noroot
diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile
index e2f5787cc..68027bd7c 100644
--- a/etc/deadbeef.profile
+++ b/etc/deadbeef.profile
@@ -2,6 +2,7 @@
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-history.inc
 caps.drop all
 seccomp
 noroot
diff --git a/etc/deluge.profile b/etc/deluge.profile
index 138d0a133..24a082099 100644
--- a/etc/deluge.profile
+++ b/etc/deluge.profile
@@ -2,6 +2,7 @@
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-history.inc
 caps.drop all
 seccomp
 netfilter
diff --git a/etc/dropbox.profile b/etc/dropbox.profile
index 82b54adb1..008660f77 100644
--- a/etc/dropbox.profile
+++ b/etc/dropbox.profile
@@ -2,6 +2,7 @@
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-history.inc
 caps
 seccomp
 noroot
diff --git a/etc/empathy.profile b/etc/empathy.profile
index d24cae528..7a9e53b86 100644
--- a/etc/empathy.profile
+++ b/etc/empathy.profile
@@ -2,5 +2,6 @@
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-history.inc
 caps.drop all
 seccomp
diff --git a/etc/evince.profile b/etc/evince.profile
index 4d96d5904..e81044314 100644
--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -2,6 +2,7 @@
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-history.inc
 caps.drop all
 seccomp
 netfilter
diff --git a/etc/filezilla.profile b/etc/filezilla.profile
index a54b5a734..dc5086595 100644
--- a/etc/filezilla.profile
+++ b/etc/filezilla.profile
@@ -2,6 +2,7 @@
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc .filezilla
+include /etc/firejail/disable-history.inc
 caps.drop all
 seccomp
 noroot
diff --git a/etc/firefox.profile b/etc/firefox.profile
index dc3489d35..cd504ab44 100644
--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -2,6 +2,7 @@
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc .mozilla
+include /etc/firejail/disable-history.inc
 caps.drop all
 seccomp
 netfilter
diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile
index b69cf3a57..4be1c1093 100644
--- a/etc/gnome-mplayer.profile
+++ b/etc/gnome-mplayer.profile
@@ -2,6 +2,7 @@
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-history.inc
 caps.drop all
 seccomp
 noroot
diff --git a/etc/midori.profile b/etc/midori.profile
index 5479ba172..b21bc94ef 100644
--- a/etc/midori.profile
+++ b/etc/midori.profile
@@ -2,6 +2,7 @@
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc midori
+include /etc/firejail/disable-history.inc
 caps.drop all
 seccomp
 netfilter
diff --git a/etc/opera.profile b/etc/opera.profile
index 852f10719..8f8dbc609 100644
--- a/etc/opera.profile
+++ b/etc/opera.profile
@@ -2,6 +2,7 @@
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc opera
+include /etc/firejail/disable-history.inc
 netfilter
 noroot
 
diff --git a/etc/pidgin.profile b/etc/pidgin.profile
index 6f5594919..3574e4d66 100644
--- a/etc/pidgin.profile
+++ b/etc/pidgin.profile
@@ -2,6 +2,7 @@
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-history.inc
 caps.drop all
 seccomp
 noroot
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile
index f85dfc994..71ddff631 100644
--- a/etc/qbittorrent.profile
+++ b/etc/qbittorrent.profile
@@ -2,6 +2,7 @@
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-history.inc
 caps.drop all
 seccomp
 netfilter
diff --git a/etc/quassel.profile b/etc/quassel.profile
index a2057ad01..931debc95 100644
--- a/etc/quassel.profile
+++ b/etc/quassel.profile
@@ -2,6 +2,7 @@
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-history.inc
 caps.drop all
 seccomp
 noroot
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile
index 42d4dc0fa..f2870d543 100644
--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -2,6 +2,7 @@
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-history.inc
 caps.drop all
 seccomp
 noroot
diff --git a/etc/thunderbird.profile b/etc/thunderbird.profile
index 8b63a6ec5..34594b837 100644
--- a/etc/thunderbird.profile
+++ b/etc/thunderbird.profile
@@ -2,6 +2,7 @@
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc thunderbird icedove
+include /etc/firejail/disable-history.inc
 caps.drop all
 seccomp
 netfilter
diff --git a/etc/totem.profile b/etc/totem.profile
index 50115deb5..6b26a4e0e 100644
--- a/etc/totem.profile
+++ b/etc/totem.profile
@@ -2,6 +2,7 @@
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-history.inc
 caps.drop all
 seccomp
 noroot
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile
index 9ccece285..dc1d9d524 100644
--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -2,6 +2,7 @@
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-history.inc
 caps.drop all
 seccomp
 netfilter
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile
index 65a045f8e..64c2ba8ad 100644
--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
@@ -2,6 +2,7 @@
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-history.inc
 caps.drop all
 seccomp
 netfilter
diff --git a/etc/vlc.profile b/etc/vlc.profile
index 76e1395f9..365ea838a 100644
--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -2,6 +2,7 @@
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-history.inc
 caps.drop all
 seccomp
 noroot
diff --git a/etc/xchat.profile b/etc/xchat.profile
index b8d8cb1e2..45f0f15ba 100644
--- a/etc/xchat.profile
+++ b/etc/xchat.profile
@@ -2,6 +2,7 @@
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-history.inc
 caps.drop all
 seccomp
 noroot
diff --git a/mkdeb.sh b/mkdeb.sh
index 159649975..2a34b2699 100755
--- a/mkdeb.sh
+++ b/mkdeb.sh
@@ -77,6 +77,7 @@ cp etc/pidgin.profile debian/etc/firejail/.
 cp etc/filezilla.profile debian/etc/firejail/.
 cp etc/empathy.profile debian/etc/firejail/.
 cp etc/disable-common.inc debian/etc/firejail/.
+cp etc/disable-history.inc debian/etc/firejail/.
 cp etc/deadbeef.profile debian/etc/firejail/.
 cp etc/icecat.profile debian/etc/firejail/.
 cp platform/debian/conffiles $DEBIAN_CTRL_DIR/.
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 6f55cc021..7bf575dd8 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -29,5 +29,6 @@
 /etc/firejail/filezilla.profile
 /etc/firejail/empathy.profile
 /etc/firejail/disable-common.inc
+/etc/firejail/disable-history.inc
 /etc/firejail/deadbeef.profile
 /etc/firejail/icecat.profile
diff --git a/src/firejail/arg-checking.txt b/src/firejail/arg-checking.txt
index c1ab2cb21..07e61df93 100644
--- a/src/firejail/arg-checking.txt
+++ b/src/firejail/arg-checking.txt
@@ -59,7 +59,7 @@ arg checking:
         - check same owner
         - unit test
         
-9. --private.keep=filelist
+9. --private-home=filelist
         - supported in profiles
         - checking no ".."
         - checking file found
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 5adabbcb3..a1833b4bc 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -282,9 +282,9 @@ void fs_private_dev(void);
 void fs_private(void);
 // private mode (--private=homedir)
 void fs_private_homedir(void);
-// private mode (--private.keep=list)
+// private mode (--private-home=list)
 void fs_private_home_list(void);
-// check directory linst specified by user (--private.keep option) - exit if it fails
+// check directory list specified by user (--private-home option) - exit if it fails
 void fs_check_home_list(void);
 // check new private home directory (--private= option) - exit if it fails
 void fs_check_private_dir(void);
@@ -357,4 +357,4 @@ void network_shm_set_file(pid_t pid);
 void fs_check_etc_list(void);
 void fs_private_etc_list(void);
 
-#endif
\ No newline at end of file
+#endif
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c
index ca4691751..e726d6f10 100644
--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -302,10 +302,10 @@ static void check_dir_or_file(const char *name) {
         exit(1);
 }
 
-// check directory linst specified by user (--private.keep option) - exit if it fails
+// check directory list specified by user (--private-home option) - exit if it fails
 void fs_check_home_list(void) {
         if (strstr(cfg.home_private_keep, "..")) {
-                fprintf(stderr, "Error: invalid private.keep list\n");
+                fprintf(stderr, "Error: invalid private-home list\n");
                 exit(1);
         }
         
@@ -385,7 +385,7 @@ static void duplicate(char *fname) {
 }
 
 
-// private mode (--private.keep=list):
+// private mode (--private-home=list):
 //      mount homedir on top of /home/user,
 //      tmpfs on top of  /root in nonroot mode,
 //      tmpfs on top of /tmp in root mode,
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 1f4574c5c..6c5d9a44e 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -677,7 +677,7 @@ int main(int argc, char **argv) {
                         arg_private = 1;
                 else if (strncmp(argv[i], "--private=", 10) == 0) {
                         if (cfg.home_private_keep) {
-                                fprintf(stderr, "Error: a private list of files was already defined with --private.keep option.\n");
+                                fprintf(stderr, "Error: a private list of files was already defined with --private-home option.\n");
                                 exit(1);
                         }
                         
@@ -686,7 +686,8 @@ int main(int argc, char **argv) {
                         fs_check_private_dir();
                         arg_private = 1;
                 }
-                else if (strncmp(argv[i], "--private.keep=", 15) == 0) {
+                else if ((strncmp(argv[i], "--private.keep=", 15) == 0)
+                      || (strncmp(argv[i], "--private-home=", 15) == 0)) {
                         if (cfg.home_private) {
                                 fprintf(stderr, "Error: a private home directory was already defined with --private option.\n");
                                 exit(1);
diff --git a/src/firejail/netfilter.c b/src/firejail/netfilter.c
index dbed4ac30..fd8a9b2f3 100644
--- a/src/firejail/netfilter.c
+++ b/src/firejail/netfilter.c
@@ -67,9 +67,9 @@ void netfilter(const char *fname) {
                 }
 
                 filter = malloc(s.st_size + 1);   // + '\0'
-                memset(filter, 0, s.st_size + 1);
                 if (!filter)
                         errExit("malloc");
+                memset(filter, 0, s.st_size + 1);
 
                 /* coverity[toctou] */
                 FILE *fp = fopen(fname, "r");
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index a6843cc6d..a73582499 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -228,7 +228,8 @@ int profile_check_line(char *ptr, int lineno) {
         }
 
         // private home list of files and directories
-        if (strncmp(ptr, "private.keep ", 13) == 0) {
+        if ((strncmp(ptr, "private.keep ", 13) == 0)
+         || (strncmp(ptr, "private-home ", 13) == 0)) {
                 cfg.home_private_keep = ptr + 13;
                 fs_check_home_list();
                 arg_private = 1;
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 2beb31099..2cdc67d1c 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -237,7 +237,7 @@ int sandbox(void* sandbox_arg) {
         if (arg_private) {
                 if (cfg.home_private)   // --private=
                         fs_private_homedir();
-                else if (cfg.home_private_keep) // --private.keep=
+                else if (cfg.home_private_keep) // --private-home=
                         fs_private_home_list();
                 else // --private
                         fs_private();
diff --git a/src/firejail/usage.c b/src/firejail/usage.c
index 2beeddb70..3ddd85aac 100644
--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -148,7 +148,7 @@ void usage(void) {
         printf("\t\tfilesystems. All modifications are discarded when the sandbox is\n");
         printf("\t\tclosed.\n\n");
         printf("\t--private=directory - use directory as user home.\n\n");
-        printf("\t--private.keep=file,directory - build a new user home in a temporary\n");
+        printf("\t--private-home=file,directory - build a new user home in a temporary\n");
         printf("\t\tfilesystem, and copy the files and directories in the list in\n");
         printf("\t\tthe new home. All modifications are discarded when the sandbox\n");
         printf("\t\tis closed.\n\n");
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 60d9c47c5..ff265c198 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -16,9 +16,9 @@ Include and comment support:
 
 .TP
 \f\include other.profile exclude-token
-Include other.profile file. exclued-token disables blacklist commands in other.profile
+Include other.profile file. exclude-token disables blacklist commands in other.profile
 if exclude-token word is found in the name section of blacklist command.
-exclude-tyoken is optional.
+exclude-token is optional.
 
 Example: "include /etc/firejail/disable-common.inc .filezilla"
 loads disable-common.inc file disables "blacklist ${HOME}/.filezilla" command in this file.
@@ -73,7 +73,7 @@ closed.
 \f\private directory
 Use directory as user home.
 .TP
-\f\private.keep file,directory
+\f\private-home file,directory
 Build a new user home in a temporary
 filesystem, and copy the files and directories in the list in the
 new home. All modifications are discarded when the sandbox is
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index dbffe68ed..21310aebc 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -639,7 +639,7 @@ Example:
 $ firejail \-\-private=/home/netblue/firefox-home firefox
 
 .TP
-\fB\-\-private.keep=file,directory
+\fB\-\-private-home=file,directory
 Build a new user home in a temporary
 filesystem, and copy the files and directories in the list in the
 new home. All modifications are discarded when the sandbox is
@@ -649,7 +649,7 @@ closed.
 .br
 Example:
 .br
-$ firejail \-\-private.keep=.mozilla firefox
+$ firejail \-\-private-home=.mozilla firefox
 .TP
 \fB\-\-private-dev
 Create a new /dev directory. Only null, full, zero, tty, pts, ptmx, random, urandom and shm devices are available.