aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--RELNOTES5
-rw-r--r--src/firejail/main.c8
-rw-r--r--src/firejail/util.c8
3 files changed, 19 insertions, 2 deletions
diff --git a/RELNOTES b/RELNOTES
index c0fb8b20b..7aeac4f8d 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,7 +1,10 @@
1firejail (0.9.45) baseline; urgency=low 1firejail (0.9.45) baseline; urgency=low
2 * development version, work in progress 2 * development version, work in progress
3 -- netblue30 <netblue30@yahoo.com> Sun, 23 Oct 2016 08:00:00 -0500 3 * security: overwrite /etc/resolv.conf found by Martin Carpenter
4 * feature: split most of networking code in a separate executable
4 * new profiles: xiphos, Tor Browser Bundle 5 * new profiles: xiphos, Tor Browser Bundle
6 * bugfixes
7 -- netblue30 <netblue30@yahoo.com> Sun, 23 Oct 2016 08:00:00 -0500
5 8
6firejail (0.9.44) baseline; urgency=low 9firejail (0.9.44) baseline; urgency=low
7 * CVE-2016-7545 submitted by Aleksey Manevich 10 * CVE-2016-7545 submitted by Aleksey Manevich
diff --git a/src/firejail/main.c b/src/firejail/main.c
index b5a97c71e..f41d5fcd3 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1605,6 +1605,14 @@ int main(int argc, char **argv) {
1605 return 1; 1605 return 1;
1606 } 1606 }
1607 1607
1608 // don't allow "--chroot=/"
1609 char *rpath = realpath(cfg.chrootdir, NULL);
1610 if (rpath == NULL || strcmp(rpath, "/") == 0) {
1611 fprintf(stderr, "Error: invalid chroot directory\n");
1612 exit(1);
1613 }
1614 free(rpath);
1615
1608 // check chroot directory structure 1616 // check chroot directory structure
1609 if (fs_check_chroot_dir(cfg.chrootdir)) { 1617 if (fs_check_chroot_dir(cfg.chrootdir)) {
1610 fprintf(stderr, "Error: invalid chroot\n"); 1618 fprintf(stderr, "Error: invalid chroot\n");
diff --git a/src/firejail/util.c b/src/firejail/util.c
index f38b02fd0..4b2e09953 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -171,11 +171,17 @@ void logerr(const char *msg) {
171} 171}
172 172
173 173
174// return -1 if error, 0 if no error 174// return -1 if error, 0 if no error; if destname already exists, return error
175int copy_file(const char *srcname, const char *destname, uid_t uid, gid_t gid, mode_t mode) { 175int copy_file(const char *srcname, const char *destname, uid_t uid, gid_t gid, mode_t mode) {
176 assert(srcname); 176 assert(srcname);
177 assert(destname); 177 assert(destname);
178 178
179 struct stat s;
180 if (stat(destname, &s) == 0) {
181 fprintf(stderr, "Error: file %s already exists\n", destname);
182 return -1;
183 }
184
179 // open source 185 // open source
180 int src = open(srcname, O_RDONLY); 186 int src = open(srcname, O_RDONLY);
181 if (src < 0) { 187 if (src < 0) {
generated by cgit v1.2.3-54-g00ecf (git 2.45.1) at 2024-05-28 13:51:32 +0000