1 files changed, 27 insertions, 8 deletions
diff --git a/src/firejail/ls.c b/src/firejail/ls.c
index 593977e0e..4c1992278 100644
--- a/src/firejail/ls.c
+++ b/src/firejail/ls.c
@@ -360,13 +360,29 @@ void sandboxfs(int op, pid_t pid, const char *path) {
                }
                
                if (access(dest_fname, F_OK) == -1) {
-                        // try to create the file
+                        // try to create the file as a regular user
-                        FILE *fp = fopen(dest_fname, "w");
+                        pid_t child = fork();
-                        if (!fp) {
+                        if (child < 0)
-                                fprintf(stderr, "Error: cannot create %s\n", dest_fname);
+                                errExit("fork");
-                                exit(1);
+                        if (child == 0) {
+                                // drop privileges
+                                drop_privs(0);
+                                
+                                FILE *fp = fopen(dest_fname, "w");
+                                if (!fp) {
+                                        fprintf(stderr, "Error: cannot create %s\n", dest_fname);
+                                        exit(1);
+                                }
+                                fclose(fp);
+                                exit(0);
                        }
-                        fclose(fp);
+                        
+                        // wait for the child to finish
+                        int status = 0;
+                        waitpid(child, &status, 0);
+                        if (WIFEXITED(status) && WEXITSTATUS(status) == 0);
+                        else
+                                exit(1);
                }
                else {
                        if (access(dest_fname, W_OK) == -1) {
@@ -374,10 +390,13 @@ void sandboxfs(int op, pid_t pid, const char *path) {
                                exit(1);
                        }
                }
+                
                // copy file
                EUID_ROOT();
-                copy_file(src_fname, dest_fname, getuid(), getgid(), 0644);
+                if (copy_file(src_fname, dest_fname, getuid(), getgid(), 0644))
-                printf("Transfer complete\n");
+                        fprintf(stderr, "Error: transfer failed\n");
+                else
+                        printf("Transfer complete\n");
                EUID_USER();
        }

diff --git a/src/firejail/ls.c b/src/firejail/ls.c index 593977e0e..4c1992278 100644 --- a/src/firejail/ls.c +++ b/src/firejail/ls.c
@@ -360,13 +360,29 @@ void sandboxfs(int op, pid_t pid, const char *path) {
360	}	360	}
361		361
362	if (access(dest_fname, F_OK) == -1) {	362	if (access(dest_fname, F_OK) == -1) {
363	// try to create the file	363	// try to create the file as a regular user
364	FILE *fp = fopen(dest_fname, "w");	364	pid_t child = fork();
365	if (!fp) {	365	if (child < 0)
366	fprintf(stderr, "Error: cannot create %s\n", dest_fname);	366	errExit("fork");
367	exit(1);	367	if (child == 0) {
		368	// drop privileges
		369	drop_privs(0);
		370
		371	FILE *fp = fopen(dest_fname, "w");
		372	if (!fp) {
		373	fprintf(stderr, "Error: cannot create %s\n", dest_fname);
		374	exit(1);
		375	}
		376	fclose(fp);
		377	exit(0);
368	}	378	}
369	fclose(fp);	379
		380	// wait for the child to finish
		381	int status = 0;
		382	waitpid(child, &status, 0);
		383	if (WIFEXITED(status) && WEXITSTATUS(status) == 0);
		384	else
		385	exit(1);
370	}	386	}
371	else {	387	else {
372	if (access(dest_fname, W_OK) == -1) {	388	if (access(dest_fname, W_OK) == -1) {
@@ -374,10 +390,13 @@ void sandboxfs(int op, pid_t pid, const char *path) {
374	exit(1);	390	exit(1);
375	}	391	}
376	}	392	}
		393
377	// copy file	394	// copy file
378	EUID_ROOT();	395	EUID_ROOT();
379	copy_file(src_fname, dest_fname, getuid(), getgid(), 0644);	396	if (copy_file(src_fname, dest_fname, getuid(), getgid(), 0644))
380	printf("Transfer complete\n");	397	fprintf(stderr, "Error: transfer failed\n");
		398	else
		399	printf("Transfer complete\n");
381	EUID_USER();	400	EUID_USER();
382	}	401	}
383		402