Diffstat (limited to 'src/firejail/fs_whitelist.c')
-rw-r--r--src/firejail/fs_whitelist.c19
1 files changed, 19 insertions, 0 deletions
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index 21fa8e624..2b63d949d 100644
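--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -316,6 +316,16 @@ static void whitelist_path(ProfileEntry *entry) {
 if (mount(wfile, path, NULL, MS_BIND|MS_REC, NULL) < 0)
 errExit("mount bind");
 
+// check the last mount operation
+MountData *mptr = get_last_mount(); // will do exit(1) if the mount cannot be found
+
+// No mounts are allowed on top level directories. A destination such as "/etc" is very bad!
+// - there should be more than one '/' char in dest string
+if (mptr->dir == strrchr(mptr->dir, '/')) {
+fprintf(stderr, "Error: invalid mount on top of %s\n", mptr->dir);
+exit(1);
+}
+
 free(wfile);
 return;
 
@@ -856,6 +866,15 @@ void fs_whitelist(void) {
 fprintf(stderr, "Warning cannot create symbolic link %s\n", entry->link);
 else if (arg_debug || arg_debug_whitelists)
 printf("Created symbolic link %s -> %s\n", entry->link, entry->data + 10);
+
+// check again for files in /tmp directory
+if (strncmp(entry->link, "/tmp/", 5) == 0) {
+char *path = realpath(entry->link, NULL);
+if (path == NULL || strncmp(path, "/tmp/", 5) != 0) {
+fprintf(stderr, "Error: invalid symbolic link %s\n", entry->link);
+exit(1);
+}
+}
 }
 }
 }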
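Review bot: The post-mount check added in whitelist_path only rejects a destination with a single path component; it never ties the entry returned by `get_last_mount()` back to the `path` that was just passed to `mount()`. A bind that ended up somewhere other than the intended destination, but more than one level deep, would still pass, and with `MS_BIND|MS_REC` the last recorded mount is presumably allowed to be a submount rather than `path` itself. I would also require the recorded destination to sit under the requested one, for example `if (strncmp(mptr->dir, path, strlen(path)) != 0) { fprintf(stderr, "Error: invalid whitelist mount\n"); exit(1); }`. whitelist_path starts and ends outside the hunk, so whether `path` is already canonical at this point cannot be confirmed from here.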