-rw-r--r-- | src/fcopy/main.c | 19 | ||||
-rw-r--r-- | src/firemon/caps.c | 1 | ||||
-rw-r--r-- | src/firemon/procevent.c | 6 | ||||
-rw-r--r-- | src/firemon/seccomp.c | 4 | ||||
-rw-r--r-- | src/ftee/main.c | 32 | ||||
-rwxr-xr-x | test/utils/firemon-cpu.exp | 1 | ||||
-rwxr-xr-x | test/utils/firemon-interface.exp | 18 | ||||
-rwxr-xr-x | test/utils/firemon-name.exp | 28 | ||||
-rwxr-xr-x | test/utils/firemon-version.exp | 18 | ||||
-rwxr-xr-x | test/utils/utils.sh | 9 |
10 files changed, 96 insertions, 40 deletions
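--- a/src/fcopy/main.c
+++ b/src/fcopy/main.c
@@ -188,22 +188,19 @@ static int fs_copydir(const char *infname, const struct stat *st, int ftype, str
 static char *check(const char *src) {
 struct stat s;
 char *rsrc = realpath(src, NULL);
-if (!rsrc || stat(rsrc, &s) == -1) {
-fprintf(stderr, "Error fcopy: cannot find %s directory\n", src);
-exit(1);
-}
+if (!rsrc || stat(rsrc, &s) == -1)
+goto errexit;
 
 // check uid
-if (s.st_uid != getuid() || s.st_gid != getgid()) {
-fprintf(stderr, "Error fcopy: uid/gid mismatch for %s\n", rsrc);
-exit(1);
-}
+if (s.st_uid != getuid() || s.st_gid != getgid())
+goto errexit;
 
 // dir, link, regular file
-if (S_ISDIR(s.st_mode) || S_ISREG(s.st_mode) || S_ISLNK(s.st_mode)) {
+if (S_ISDIR(s.st_mode) || S_ISREG(s.st_mode) || S_ISLNK(s.st_mode))
 return rsrc; // normal exit from the function
-}
-fprintf(stderr, "Error fcopy: invalid directory %s\n", rsrc);
+
+errexit:
+fprintf(stderr, "Error fcopy: invalid file %s\n", src);
 exit(1);
 }
 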
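Review bot: `S_ISLNK(s.st_mode)` in the type test of check() can never be true, because `rsrc` comes from realpath() and the mode comes from stat(), and both follow symbolic links; the `// dir, link, regular file` comment therefore names a case the code cannot reach. Either drop the S_ISLNK term and the word "link" from the comment, or, if links are meant to be recognised, take the mode from `lstat(src, &s)` before resolving. The ownership test is made on a path name and the function returns that name, so a caller that reopens it later depends on the tree not changing in between; the caller is outside this hunk, so that is something to confirm rather than a finding. A one-line comment above `errexit:` stating whether the three failures are meant to share one message would help the next reader.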
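--- a/src/firemon/caps.c
+++ b/src/firemon/caps.c
@@ -24,7 +24,6 @@ static void print_caps(int pid) {
 char *file;
 if (asprintf(&file, "/proc/%d/status", pid) == -1) {
 errExit("asprintf");
-exit(1);
 }
 
 FILE *fp = fopen(file, "r");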
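--- a/src/firemon/procevent.c
+++ b/src/firemon/procevent.c
@@ -43,10 +43,8 @@ static int pid_is_firejail(pid_t pid) {
 
 // open /proc/self/comm
 char *file;
-if (asprintf(&file, "/proc/%u/comm", pid) == -1) {
-perror("asprintf");
-exit(1);
-}
+if (asprintf(&file, "/proc/%u/comm", pid) == -1)
+errExit("asprintf");
 
 FILE *fp = fopen(file, "r");
 if (!fp) {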
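Review bot: The format string `"/proc/%u/comm"` is passed `pid`, which the hunk header shows is a `pid_t`, a signed type, so the conversion does not match its argument; caps.c and seccomp.c in this same commit use `%d` for the same path. Suggest `if (asprintf(&file, "/proc/%d/comm", (int)pid) == -1)`. The comment above it says `/proc/self/comm` although the path is built for an arbitrary pid; `// open /proc/<pid>/comm` would be accurate. Dropping `exit(1)` relies on errExit() never returning, which is not visible on this page, and pid_is_firejail() starts and ends outside the hunk.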
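--- a/src/firemon/seccomp.c
+++ b/src/firemon/seccomp.c
@@ -22,10 +22,8 @@
 #define MAXBUF 4098
 static void print_seccomp(int pid) {
 char *file;
-if (asprintf(&file, "/proc/%d/status", pid) == -1) {
+if (asprintf(&file, "/proc/%d/status", pid) == -1)
 errExit("asprintf");
-exit(1);
-}
 
 FILE *fp = fopen(file, "r");
 if (!fp) {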
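--- a/src/ftee/main.c
+++ b/src/ftee/main.c
@@ -179,10 +179,6 @@ static int is_link(const char *fname) {
 return 0;
 }
 
-
-
-
-
 static void usage(void) {
 printf("Usage: ftee filename\n");
 }
@@ -201,33 +197,25 @@ int main(int argc, char **argv) {
 
 
 // do not accept directories, links, and files with ".."
-if (strstr(fname, "..") || is_link(fname) || is_dir(fname)) {
-fprintf(stderr, "Error: invalid output file. Links, directories and files with \"..\" are not allowed.\n");
-exit(1);
-}
+if (strstr(fname, "..") || is_link(fname) || is_dir(fname))
+goto errexit;
 
 struct stat s;
 if (stat(fname, &s) == 0) {
 // check permissions
-if (s.st_uid != getuid() || s.st_gid != getgid()) {
-fprintf(stderr, "Error: the output file needs to be owned by the current user.\n");
-exit(1);
-}
+if (s.st_uid != getuid() || s.st_gid != getgid())
+goto errexit;
 
 // check hard links
-if (s.st_nlink != 1) {
-fprintf(stderr, "Error: no hard links allowed.\n");
-exit(1);
-}
+if (s.st_nlink != 1)
+goto errexit;
 }
 
 // check if we can append to this file
 /* coverity[toctou] */
 FILE *fp = fopen(fname, "a");
-if (!fp) {
-fprintf(stderr, "Error: cannot open output file %s\n", fname);
-exit(1);
-}
+if (!fp)
+goto errexit;
 fclose(fp);
 
 
@@ -248,4 +236,8 @@ int main(int argc, char **argv) {
 
 log_close();
 return 0;
+
+errexit:
+fprintf(stderr, "Error ftee: invalid output file.\n");
+return 1;
 }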
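Review bot: The ownership and hard-link checks in main() are made with `stat(fname, &s)` and the file is then opened by name with `fopen(fname, "a")`, so the object that gets opened need not be the one that was checked; the `/* coverity[toctou] */` marker silences that finding rather than closing the window. Opening first with `O_NOFOLLOW` and running the same checks with `fstat()` on the descriptor ties them to the file that was actually opened, as sketched below. If the logging code further down reopens `fname` by name (not visible in these hunks), the descriptor should be handed on instead of closed. The shared `errexit:` message no longer says which check failed, which deserves a short comment if that is intended. main() starts before the second hunk.

```c
// … unchanged: "..", is_link() and is_dir() rejection …

// open first, then check the object that was actually opened
// 0666 is the creation mode fopen(fname, "a") requests, subject to umask
int fd = open(fname, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0666);
if (fd == -1)
	goto errexit;

// note: a file created by this open() inside a setgid directory takes the
// directory's group; decide whether that case should pass the gid test
struct stat s;
if (fstat(fd, &s) == -1 || !S_ISREG(s.st_mode) ||
    s.st_uid != getuid() || s.st_gid != getgid() || s.st_nlink != 1) {
	close(fd);
	goto errexit;
}
close(fd);

// … unchanged: rest of main() …
```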
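--- a/test/utils/firemon-cpu.exp
+++ b/test/utils/firemon-cpu.exp
@@ -24,7 +24,6 @@ sleep 1
 
 spawn $env(SHELL)
 send -- "firemon --cpu\r"
-sleep 4
 expect {
 timeout {puts "TESTING ERROR 2\n";exit}
 "need to be root" {puts "TESTING SKIP: /proc mounted as hidepid\n"; exit}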
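--- /dev/null
+++ b/test/utils/firemon-interface.exp
@@ -0,0 +1,18 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firemon --interface\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"you need to be root"
+}
+after 100
+
+puts "\nall done\n"
+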
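Review bot: The only output this test accepts is `"you need to be root"`, so it passes only when the suite runs as an unprivileged user and reports `TESTING ERROR 0` after the 10-second timeout when it runs as root. Add a second pattern for the privileged case, or a `TESTING SKIP` branch like the one firemon-name.exp has for hidepid, and a comment at the top saying that the test checks the privilege refusal. The failure branch calls `exit` with no status, so a failure is visible only in the printed text; `exit 1` would also report it to the caller, if utils.sh is meant to look at the status.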
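--- /dev/null
+++ b/test/utils/firemon-name.exp
@@ -0,0 +1,28 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --name=test\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "firemon --cpu --name=test\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"need to be root" {puts "TESTING SKIP: /proc mounted as hidepid\n"; exit}
+"Cpus_allowed_list"
+}
+
+after 100
+
+puts "\nall done\n"
+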
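Review bot: The sandbox started with `firejail --name=test` is never shut down by the script: every path, including the two `exit` branches of the second expect block, ends with it still running in the first spawned shell, so cleanup is left to whatever happens when expect closes that pty. Saving the first `spawn_id` and sending `exit\r` to it before the script finishes would make the teardown explicit. The name `test` is also generic, so a sandbox with that name left over from another run could be what `firemon --cpu --name=test` reports on; a name specific to this script, for example `--name=firemon-name-test` in both commands, avoids that.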
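--- /dev/null
+++ b/test/utils/firemon-version.exp
@@ -0,0 +1,18 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firemon --version\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"firemon version"
+}
+after 100
+
+puts "\nall done\n"
+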
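--- a/test/utils/utils.sh
+++ b/test/utils/utils.sh
@@ -100,3 +100,12 @@ echo "TESTING: firemon cpu (test/utils/firemon-cpu.exp)"
 echo "TESTING: firemon cgroup (test/utils/firemon-cgroup.exp)"
 ./firemon-cgroup.exp
 
+echo "TESTING: firemon version (test/utils/firemon-version.exp)"
+./firemon-version.exp
+
+echo "TESTING: firemon interface (test/utils/firemon-interface.exp)"
+./firemon-interface.exp
+
+echo "TESTING: firemon name (test/utils/firemon-name.exp)"
+./firemon-name.exp
+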