1 files changed, 3 insertions, 16 deletions
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index 258f023f6..370035a4d 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -195,15 +195,7 @@ static void whitelist_file(int dirfd, const char *relpath, const char *path) {
        if (arg_debug || arg_debug_whitelists)
                printf("Whitelisting %s\n", path);
+        if (bind_mount_by_fd(fd, fd3))
-        // in order to make this mount resilient against symlink attacks, use
-        // magic links in /proc/self/fd instead of mounting the paths directly
-        char *proc_src, *proc_dst;
-        if (asprintf(&proc_src, "/proc/self/fd/%d", fd) == -1)
-                errExit("asprintf");
-        if (asprintf(&proc_dst, "/proc/self/fd/%d", fd3) == -1)
-                errExit("asprintf");
-        if (mount(proc_src, proc_dst, NULL, MS_BIND | MS_REC, NULL) < 0)
                errExit("mount bind");
        // check the last mount operation
        MountData *mptr = get_last_mount(); // will do exit(1) if the mount cannot be found
@@ -221,8 +213,6 @@ static void whitelist_file(int dirfd, const char *relpath, const char *path) {
        //  - there should be more than one '/' char in dest string
        if (mptr->dir == strrchr(mptr->dir, '/'))
                errLogExit("invalid whitelist mount");
-        free(proc_src);
-        free(proc_dst);
        close(fd);
        close(fd3);
        fs_logger2("whitelist", path);
@@ -267,6 +257,7 @@ static void whitelist_symlink(const char *link, const char *target) {
 }
 static void globbing(const char *pattern) {
+        EUID_ASSERT();
        assert(pattern);
        // globbing
@@ -341,12 +332,8 @@ static void tmpfs_topdirs(const TopDir *topdirs) {
                        // restore /run/firejail directory
                        if (mkdir(RUN_FIREJAIL_DIR, 0755) == -1)
                                errExit("mkdir");
-                        char *proc;
+                        if (bind_mount_fd_to_path(fd, RUN_FIREJAIL_DIR))
-                        if (asprintf(&proc, "/proc/self/fd/%d", fd) == -1)
-                                errExit("asprintf");
-                        if (mount(proc, RUN_FIREJAIL_DIR, NULL, MS_BIND | MS_REC, NULL) < 0)
                                errExit("mount bind");
-                        free(proc);
                        close(fd);
                        fs_logger2("whitelist", RUN_FIREJAIL_DIR);

diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index 258f023f6..370035a4d 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c
@@ -195,15 +195,7 @@ static void whitelist_file(int dirfd, const char relpath, const char path) {
195		195
196	if (arg_debug \|\| arg_debug_whitelists)	196	if (arg_debug \|\| arg_debug_whitelists)
197	printf("Whitelisting %s\n", path);	197	printf("Whitelisting %s\n", path);
198		198	if (bind_mount_by_fd(fd, fd3))
199	// in order to make this mount resilient against symlink attacks, use
200	// magic links in /proc/self/fd instead of mounting the paths directly
201	char proc_src, proc_dst;
202	if (asprintf(&proc_src, "/proc/self/fd/%d", fd) == -1)
203	errExit("asprintf");
204	if (asprintf(&proc_dst, "/proc/self/fd/%d", fd3) == -1)
205	errExit("asprintf");
206	if (mount(proc_src, proc_dst, NULL, MS_BIND \| MS_REC, NULL) < 0)
207	errExit("mount bind");	199	errExit("mount bind");
208	// check the last mount operation	200	// check the last mount operation
209	MountData *mptr = get_last_mount(); // will do exit(1) if the mount cannot be found	201	MountData *mptr = get_last_mount(); // will do exit(1) if the mount cannot be found
@@ -221,8 +213,6 @@ static void whitelist_file(int dirfd, const char relpath, const char path) {
221	// - there should be more than one '/' char in dest string	213	// - there should be more than one '/' char in dest string
222	if (mptr->dir == strrchr(mptr->dir, '/'))	214	if (mptr->dir == strrchr(mptr->dir, '/'))
223	errLogExit("invalid whitelist mount");	215	errLogExit("invalid whitelist mount");
224	free(proc_src);
225	free(proc_dst);
226	close(fd);	216	close(fd);
227	close(fd3);	217	close(fd3);
228	fs_logger2("whitelist", path);	218	fs_logger2("whitelist", path);
@@ -267,6 +257,7 @@ static void whitelist_symlink(const char link, const char target) {
267	}	257	}
268		258
269	static void globbing(const char *pattern) {	259	static void globbing(const char *pattern) {
		260	EUID_ASSERT();
270	assert(pattern);	261	assert(pattern);
271		262
272	// globbing	263	// globbing
@@ -341,12 +332,8 @@ static void tmpfs_topdirs(const TopDir *topdirs) {
341	// restore /run/firejail directory	332	// restore /run/firejail directory
342	if (mkdir(RUN_FIREJAIL_DIR, 0755) == -1)	333	if (mkdir(RUN_FIREJAIL_DIR, 0755) == -1)
343	errExit("mkdir");	334	errExit("mkdir");
344	char *proc;	335	if (bind_mount_fd_to_path(fd, RUN_FIREJAIL_DIR))
345	if (asprintf(&proc, "/proc/self/fd/%d", fd) == -1)
346	errExit("asprintf");
347	if (mount(proc, RUN_FIREJAIL_DIR, NULL, MS_BIND \| MS_REC, NULL) < 0)
348	errExit("mount bind");	336	errExit("mount bind");
349	free(proc);
350	close(fd);	337	close(fd);
351	fs_logger2("whitelist", RUN_FIREJAIL_DIR);	338	fs_logger2("whitelist", RUN_FIREJAIL_DIR);
352		339