-rw-r--r-- | src/firejail/fs.c | 8 | ||||
-rw-r--r-- | src/firejail/fs_home.c | 2 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 3 | ||||
-rw-r--r-- | src/firejail/x11.c | 19 |
4 files changed, 17 insertions, 15 deletions
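--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -521,12 +521,16 @@ void fs_remount(const char *dir, OPERATION op, unsigned check_mnt) {
 if (mount(dir, dir, NULL, MS_BIND|MS_REC, NULL) < 0 ||
 mount(NULL, dir, NULL, flags|MS_BIND|MS_REMOUNT, NULL) < 0)
 errExit("remounting");
+// run a sanity check on /proc/self/mountinfo
 if (check_mnt) {
-// run a sanity check on /proc/self/mountinfo
+// confirm target of the last mount operation was dir; if there are other
+// mount points contained inside dir, one of those will show up as target
+// of the last mount operation instead
 MountData *mptr = get_last_mount();
 size_t len = strlen(dir);
-if (strncmp(mptr->dir, dir, len) != 0 ||
+if ((strncmp(mptr->dir, dir, len) != 0 ||
 (*(mptr->dir + len) != '\0' && *(mptr->dir + len) != '/'))
+&& strcmp(dir, "/") != 0) // support read-only=/
 errLogExit("invalid %s mount", opstr[op]);
 }
 fs_logger2(opstr[op], dir);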
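Review bot: The `// support read-only=/` comment on the new line 533 says what the special case is for but not why the surrounding test cannot work for the root directory, which is the non-obvious part: with dir equal to "/" the prefix length is 1, so strncmp matches any absolute mountinfo target, and the character at offset 1 is then neither NUL nor '/' for every target except "/" itself, so any sub-mount reported by get_last_mount() would be rejected. I would extend the comment to `// "/" is a prefix of every absolute path, so the test above rejects any sub-mount when dir == "/" (read-only=/); skip it there, every target is under "/" anyway`. Note also that the new clause disables the mountinfo check entirely for "/" rather than making it pass; that appears equivalent for the prefix test, but anything else the check is relied on for (e.g. whatever get_last_mount() guarantees) is skipped too, which the comment should acknowledge. fs_remount's body begins before the hunk.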
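--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -508,7 +508,7 @@ static void duplicate(char *name) {
 ptr++;
 if (asprintf(&path, "%s/%s", RUN_HOME_DIR, ptr) == -1)
 errExit("asprintf");
-mkdir_attr(path, 0755, getuid(), getgid());
+create_empty_dir_as_user(path, 0755);
 sbox_run(SBOX_USER| SBOX_CAPS_NONE | SBOX_SECCOMP, 3, PATH_FCOPY, fname, path);
 free(path);
 }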
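--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -623,7 +623,8 @@ int sandbox(void* sandbox_arg) {
 // ... and mount a tmpfs on top of /run/firejail/mnt directory
 preproc_mount_mnt_dir();
 // bind-mount firejail binaries and helper programs
-if (mount(LIBDIR "/firejail", RUN_FIREJAIL_LIB_DIR, "none", MS_BIND, NULL) < 0)
+if (mount(LIBDIR "/firejail", RUN_FIREJAIL_LIB_DIR, NULL, MS_BIND, NULL) < 0 ||
+mount(NULL, RUN_FIREJAIL_LIB_DIR, NULL, MS_RDONLY|MS_NOSUID|MS_NODEV|MS_BIND|MS_REMOUNT, NULL) < 0)
 errExit("mounting " RUN_FIREJAIL_LIB_DIR);
 
 //****************************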
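Review bot: The read-only/nosuid/nodev remount added on new line 627 is not reflected in the comment above it, and the deliberate absence of MS_NOEXEC — the flag fs_remount(..., MOUNT_NOEXEC, ...) applies elsewhere in this diff — should be stated so a later hardening pass does not add it; presumably the helpers under RUN_FIREJAIL_LIB_DIR are executed from there (the sbox_run of PATH_FCOPY in fs_home.c suggests so), which should be confirmed. I would change the comment to `// bind-mount firejail binaries and helper programs, then lock the mount read-only, nosuid and nodev (exec must stay allowed: the helpers are run from here)`. Unlike fs_remount() in fs.c, this open-coded bind+remount performs no /proc/self/mountinfo verification of the remount target; if that check matters for this mount, routing the second mount through fs_remount (given a suitable OPERATION value, which is not visible here) would keep the two paths consistent. The sandbox() function continues outside the hunk.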
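--- a/src/firejail/x11.c
+++ b/src/firejail/x11.c
@@ -1175,16 +1175,15 @@ void x11_xorg(void) {
 
 // move the temporary file in RUN_XAUTHORITY_SEC_FILE in order to have it deleted
 // automatically when the sandbox is closed (rename doesn't work)
-// root needed
-if (copy_file(tmpfname, RUN_XAUTHORITY_SEC_FILE, getuid(), getgid(), 0600)) {
-fprintf(stderr, "Error: cannot create the new .Xauthority file\n");
-exit(1);
-}
+if (arg_debug)
+printf("Copying the new .Xauthority file\n");
+copy_file_from_user_to_root(tmpfname, RUN_XAUTHORITY_SEC_FILE, getuid(), getgid(), 0600);
+
 /* coverity[toctou] */
 unlink(tmpfname);
 umount("/tmp");
 
-// remount RUN_XAUTHORITY_SEC_FILE noexec, nodev, nosuid
+// mount RUN_XAUTHORITY_SEC_FILE noexec, nodev, nosuid
 fs_remount(RUN_XAUTHORITY_SEC_FILE, MOUNT_NOEXEC, 0);
 
 // Ensure there is already a file in the usual location, so that bind-mount below will work.
@@ -1294,19 +1293,17 @@ void fs_x11(void) {
 if (mount("/tmp/.X11-unix", RUN_WHITELIST_X11_DIR, 0, MS_BIND|MS_REC, 0) < 0)
 errExit("mount bind");
 
-// This directory must be mode 1777, or Xlib will barf.
+// This directory must be mode 1777
 if (mount("tmpfs", "/tmp/.X11-unix", "tmpfs",
 MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_STRICTATIME,
 "mode=1777,uid=0,gid=0") < 0)
 errExit("mounting tmpfs on /tmp/.X11-unix");
 fs_logger("tmpfs /tmp/.X11-unix");
 
-// create an empty file which will have the desired socket bind-mounted over it
-int fd = open(x11file, O_RDWR|O_CREAT|O_EXCL, x11stat.st_mode & ~S_IFMT);
+// create an empty root-owned file which will have the desired socket bind-mounted over it
+int fd = open(x11file, O_RDONLY|O_CREAT|O_EXCL, S_IRUSR | S_IWUSR);
 if (fd < 0)
 errExit(x11file);
-if (fchown(fd, x11stat.st_uid, x11stat.st_gid))
-errExit("fchown");
 close(fd);
 
 // the mount source is under control of the user, so be careful and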
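Review bot: On new line 1180 of x11_xorg() the result of copy_file_from_user_to_root() is discarded, whereas the copy_file() call it replaces was checked and the function exited on failure; unless the new helper aborts on error itself (its definition is not visible here), a failed copy now falls through to unlink(tmpfname), umount("/tmp") and the later remount and bind-mount of RUN_XAUTHORITY_SEC_FILE without a usable .Xauthority. If the helper returns a status, I would restore the check: `if (copy_file_from_user_to_root(tmpfname, RUN_XAUTHORITY_SEC_FILE, getuid(), getgid(), 0600)) { fprintf(stderr, "Error: cannot create the new .Xauthority file\n"); exit(1); }`. If it is void and exits internally, a comment saying so — and noting that the read side runs as the user while the destination is written as root, which is what the dropped `// root needed` line hinted at — should take its place. x11_xorg() starts before the first hunk and fs_x11() continues past the second.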