diff options
Diffstat (limited to 'src/firejail/fs_whitelist.c')
-rw-r--r-- | src/firejail/fs_whitelist.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index 21fa8e624..2b63d949d 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c | |||
@@ -316,6 +316,16 @@ static void whitelist_path(ProfileEntry *entry) { | |||
316 | if (mount(wfile, path, NULL, MS_BIND|MS_REC, NULL) < 0) | 316 | if (mount(wfile, path, NULL, MS_BIND|MS_REC, NULL) < 0) |
317 | errExit("mount bind"); | 317 | errExit("mount bind"); |
318 | 318 | ||
319 | // check the last mount operation | ||
320 | MountData *mptr = get_last_mount(); // will do exit(1) if the mount cannot be found | ||
321 | |||
322 | // No mounts are allowed on top level directories. A destination such as "/etc" is very bad! | ||
323 | // - there should be more than one '/' char in dest string | ||
324 | if (mptr->dir == strrchr(mptr->dir, '/')) { | ||
325 | fprintf(stderr, "Error: invalid mount on top of %s\n", mptr->dir); | ||
326 | exit(1); | ||
327 | } | ||
328 | |||
319 | free(wfile); | 329 | free(wfile); |
320 | return; | 330 | return; |
321 | 331 | ||
@@ -856,6 +866,15 @@ void fs_whitelist(void) { | |||
856 | fprintf(stderr, "Warning cannot create symbolic link %s\n", entry->link); | 866 | fprintf(stderr, "Warning cannot create symbolic link %s\n", entry->link); |
857 | else if (arg_debug || arg_debug_whitelists) | 867 | else if (arg_debug || arg_debug_whitelists) |
858 | printf("Created symbolic link %s -> %s\n", entry->link, entry->data + 10); | 868 | printf("Created symbolic link %s -> %s\n", entry->link, entry->data + 10); |
869 | |||
870 | // check again for files in /tmp directory | ||
871 | if (strncmp(entry->link, "/tmp/", 5) == 0) { | ||
872 | char *path = realpath(entry->link, NULL); | ||
873 | if (path == NULL || strncmp(path, "/tmp/", 5) != 0) { | ||
874 | fprintf(stderr, "Error: invalid symbolic link %s\n", entry->link); | ||
875 | exit(1); | ||
876 | } | ||
877 | } | ||
859 | } | 878 | } |
860 | } | 879 | } |
861 | } | 880 | } |