diff options
Diffstat (limited to 'src/firejail/fs.c')
-rw-r--r-- | src/firejail/fs.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 8632952a4..14c76a144 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
@@ -215,8 +215,12 @@ static void globbing(OPERATION op, const char *pattern, const char *noblacklist[ | |||
215 | 215 | ||
216 | size_t i, j; | 216 | size_t i, j; |
217 | for (i = 0; i < globbuf.gl_pathc; i++) { | 217 | for (i = 0; i < globbuf.gl_pathc; i++) { |
218 | char* path = globbuf.gl_pathv[i]; | 218 | char *path = globbuf.gl_pathv[i]; |
219 | assert(path); | 219 | assert(path); |
220 | // /home/me/.* can glob to /home/me/.. which would blacklist /home/ | ||
221 | const char *base = gnu_basename(path); | ||
222 | if (strcmp(base, ".") == 0 || strcmp(base, "..") == 0) | ||
223 | continue; | ||
220 | // noblacklist is expected to be short in normal cases, so stupid and correct brute force is okay | 224 | // noblacklist is expected to be short in normal cases, so stupid and correct brute force is okay |
221 | bool okay_to_blacklist = true; | 225 | bool okay_to_blacklist = true; |
222 | for (j = 0; j < noblacklist_len; j++) { | 226 | for (j = 0; j < noblacklist_len; j++) { |