diff options
Diffstat (limited to 'src/firejail/main.c')
-rw-r--r-- | src/firejail/main.c | 32 |
1 files changed, 9 insertions, 23 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index e8664e914..5c83239ef 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -1659,35 +1659,21 @@ int main(int argc, char **argv) { | |||
1659 | fprintf(stderr, "Error: --chroot option is not available on Grsecurity systems\n"); | 1659 | fprintf(stderr, "Error: --chroot option is not available on Grsecurity systems\n"); |
1660 | exit(1); | 1660 | exit(1); |
1661 | } | 1661 | } |
1662 | 1662 | if (*(argv[i] + 9) == '\0') { | |
1663 | 1663 | fprintf(stderr, "Error: invalid chroot option\n"); | |
1664 | exit(1); | ||
1665 | } | ||
1664 | invalid_filename(argv[i] + 9, 0); // no globbing | 1666 | invalid_filename(argv[i] + 9, 0); // no globbing |
1665 | 1667 | ||
1666 | // extract chroot dirname | 1668 | // extract chroot dirname |
1667 | cfg.chrootdir = argv[i] + 9; | 1669 | char *tmp = argv[i] + 9; |
1668 | // if the directory starts with ~, expand the home directory | 1670 | // if the directory starts with ~, expand the home directory |
1669 | if (*cfg.chrootdir == '~') { | 1671 | if (*(argv[i] + 9) == '~') { |
1670 | char *tmp; | 1672 | if (asprintf(&tmp, "%s%s", cfg.homedir, argv[i] + 10) == -1) |
1671 | if (asprintf(&tmp, "%s%s", cfg.homedir, cfg.chrootdir + 1) == -1) | ||
1672 | errExit("asprintf"); | 1673 | errExit("asprintf"); |
1673 | cfg.chrootdir = tmp; | ||
1674 | } | 1674 | } |
1675 | 1675 | // check chroot directory | |
1676 | if (strstr(cfg.chrootdir, "..") || is_link(cfg.chrootdir)) { | 1676 | cfg.chrootdir = fs_check_chroot_dir(tmp); |
1677 | fprintf(stderr, "Error: invalid chroot directory %s\n", cfg.chrootdir); | ||
1678 | return 1; | ||
1679 | } | ||
1680 | |||
1681 | // check chroot dirname exists, don't allow "--chroot=/" | ||
1682 | char *rpath = realpath(cfg.chrootdir, NULL); | ||
1683 | if (rpath == NULL || strcmp(rpath, "/") == 0) { | ||
1684 | fprintf(stderr, "Error: invalid chroot directory\n"); | ||
1685 | exit(1); | ||
1686 | } | ||
1687 | cfg.chrootdir = rpath; | ||
1688 | |||
1689 | // check chroot directory structure | ||
1690 | fs_check_chroot_dir(cfg.chrootdir); | ||
1691 | } | 1677 | } |
1692 | else | 1678 | else |
1693 | exit_err_feature("chroot"); | 1679 | exit_err_feature("chroot"); |