Diffstat (limited to 'src/firejail/main.c')
-rw-r--r--src/firejail/main.c53
1 files changed, 32 insertions, 21 deletions
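--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -861,19 +861,20 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
 }
 
 char *guess_shell(void) {
-char *shell = NULL;
+const char *shell;
+char *retval;
 struct stat s;
 
-shell = getenv("SHELL");
+shell = env_get("SHELL");
 if (shell) {
 invalid_filename(shell, 0); // no globbing
 if (!is_dir(shell) && strstr(shell, "..") == NULL && stat(shell, &s) == 0 && access(shell, X_OK) == 0 &&
 strcmp(shell, PATH_FIREJAIL) != 0)
-return shell;
+goto found;
 }
 
 // shells in order of preference
-char *shells[] = {"/bin/bash", "/bin/csh", "/usr/bin/zsh", "/bin/sh", "/bin/ash", NULL };
+static const char * const shells[] = {"/bin/bash", "/bin/csh", "/usr/bin/zsh", "/bin/sh", "/bin/ash", NULL };
 
 int i = 0;
 while (shells[i] != NULL) {
@@ -884,8 +885,11 @@ char *guess_shell(void) {
 }
 i++;
 }
-
-return shell;
+found:
+retval = strdup(shell);
+if (!retval)
+errExit("strdup");
+return retval;
 }
 
 // return argument index
@@ -926,9 +930,13 @@ static void run_builder(int argc, char **argv) {
 if (setresuid(-1, getuid(), getuid()) != 0)
 errExit("setresuid");
 
+assert(env_get("LD_PRELOAD") == NULL);
 assert(getenv("LD_PRELOAD") == NULL);
 umask(orig_umask);
 
+// restore some environment variables
+env_apply_whitelist_sbox();
+
 argv[0] = LIBDIR "/firejail/fbuilder";
 execvp(argv[0], argv);
 
@@ -994,6 +1002,16 @@ int main(int argc, char **argv, char **envp) {
 exit(1);
 }
 
+// Stash environment variables
+for (i = 0, ptr = envp; ptr && *ptr && i < MAX_ENVS; i++, ptr++)
+env_store(*ptr, SETENV_ALLOW_EMPTY);
+
+// sanity check for environment variables
+if (i >= MAX_ENVS) {
+fprintf(stderr, "Error: too many environment variables, please use --rmenv\n");
+exit(1);
+}
+
 // sanity check for arguments
 for (i = 0; i < argc; i++) {
 if (*argv[i] == 0) {
@@ -1005,29 +1023,19 @@ int main(int argc, char **argv, char **envp) {
 exit(1);
 }
 // Also remove requested environment variables
-// entirely to avoid tripping the length check below
 if (strncmp(argv[i], "--rmenv=", 8) == 0)
-unsetenv(argv[i] + 8);
+env_store(argv[i] + 8, RMENV);
 }
 
-// sanity check for environment variables
-for (i = 0, ptr = envp; ptr && *ptr && i < MAX_ENVS; i++, ptr++) {
-if (strlen(*ptr) >= MAX_ENV_LEN) {
-fprintf(stderr, "Error: too long environment variables, please use --rmenv\n");
-exit(1);
-}
-}
-if (i >= MAX_ENVS) {
-fprintf(stderr, "Error: too many environment variables, please use --rmenv\n");
-exit(1);
-}
+// Reapply a minimal set of environment variables
+env_apply_whitelist();
 
 // check if the user is allowed to use firejail
 init_cfg(argc, argv);
 
 // get starting timestamp, process --quiet
 timetrace_start();
-char *env_quiet = getenv("FIREJAIL_QUIET");
+const char *env_quiet = env_get("FIREJAIL_QUIET");
 if (check_arg(argc, argv, "--quiet", 1) || (env_quiet && strcmp(env_quiet, "yes") == 0))
 arg_quiet = 1;
 
@@ -1037,7 +1045,7 @@ int main(int argc, char **argv, char **envp) {
 
 // build /run/firejail directory structure
 preproc_build_firejail_dir();
-char *container_name = getenv("container");
+const char *container_name = env_get("container");
 if (!container_name || strcmp(container_name, "firejail")) {
 lockfd_directory = open(RUN_DIRECTORY_LOCK_FILE, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR);
 if (lockfd_directory != -1) {
@@ -1170,6 +1178,9 @@ int main(int argc, char **argv, char **envp) {
 
 drop_privs(1);
 umask(orig_umask);
+
+// restore original environment variables
+env_apply_all();
 int rv = system(argv[2]);
 exit(rv);
 }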
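Review bot: In guess_shell the new `found:` path calls strdup(shell) unconditionally, but when env_get("SHELL") yields nothing and the preference loop (its body at old lines 880-884 lies outside the hunk) matches none of the candidates, shell is still NULL and strdup(NULL) is undefined behaviour, whereas the old `return shell;` handed NULL back for the caller to report. Keep that contract by guarding the label: `found:` followed by `if (!shell) return NULL;` before the strdup. The function now also returns an owned heap string instead of a pointer into the environment, which nothing in the hunk documents; a one-line comment above the definition such as `// returns a malloc'ed copy of the chosen shell path (caller frees), or NULL if none is usable` would make the ownership change visible to callers.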