diff options
Diffstat (limited to 'src/firejail/main.c')
| -rw-r--r-- | src/firejail/main.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index bdb8e0df5..27e2a7f1a 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -1365,6 +1365,13 @@ int main(int argc, char **argv) { | |||
| 1365 | fprintf(stderr, "Error: invalid overlay option\n"); | 1365 | fprintf(stderr, "Error: invalid overlay option\n"); |
| 1366 | exit(1); | 1366 | exit(1); |
| 1367 | } | 1367 | } |
| 1368 | |||
| 1369 | // check name | ||
| 1370 | invalid_filename(subdirname); | ||
| 1371 | if (strstr(subdirname, "..") || strstr(subdirname, "/")) { | ||
| 1372 | fprintf(stderr, "Error: invalid overlay name\n"); | ||
| 1373 | exit(1); | ||
| 1374 | } | ||
| 1368 | cfg.overlay_dir = fs_check_overlay_dir(subdirname, arg_overlay_reuse); | 1375 | cfg.overlay_dir = fs_check_overlay_dir(subdirname, arg_overlay_reuse); |
| 1369 | } | 1376 | } |
| 1370 | else { | 1377 | else { |
| @@ -1373,6 +1380,7 @@ int main(int argc, char **argv) { | |||
| 1373 | } | 1380 | } |
| 1374 | 1381 | ||
| 1375 | } | 1382 | } |
| 1383 | #if 0 // disabled for now, it could be used to overwrite system directories | ||
| 1376 | else if (strncmp(argv[i], "--overlay-path=", 15) == 0) { | 1384 | else if (strncmp(argv[i], "--overlay-path=", 15) == 0) { |
| 1377 | if (checkcfg(CFG_OVERLAYFS)) { | 1385 | if (checkcfg(CFG_OVERLAYFS)) { |
| 1378 | if (cfg.chrootdir) { | 1386 | if (cfg.chrootdir) { |
| @@ -1400,6 +1408,7 @@ int main(int argc, char **argv) { | |||
| 1400 | exit(1); | 1408 | exit(1); |
| 1401 | } | 1409 | } |
| 1402 | } | 1410 | } |
| 1411 | #endif | ||
| 1403 | else if (strcmp(argv[i], "--overlay-tmpfs") == 0) { | 1412 | else if (strcmp(argv[i], "--overlay-tmpfs") == 0) { |
| 1404 | if (checkcfg(CFG_OVERLAYFS)) { | 1413 | if (checkcfg(CFG_OVERLAYFS)) { |
| 1405 | if (cfg.chrootdir) { | 1414 | if (cfg.chrootdir) { |