1 files changed, 19 insertions, 77 deletions
diff --git a/src/firejail/no_sandbox.c b/src/firejail/no_sandbox.c
index 8af555ea2..07ac25dca 100644
--- a/src/firejail/no_sandbox.c
+++ b/src/firejail/no_sandbox.c
@@ -165,84 +165,28 @@ void run_no_sandbox(int argc, char **argv) {
        // process limited subset of options
        int i;
        for (i = 0; i < argc; i++) {
-                if (strcmp(argv[i], "--csh") == 0) {
+                if (strcmp(argv[i], "--debug") == 0)
-                        if (arg_shell_none) {
+                        arg_debug = 1;
-                                fprintf(stderr, "Error: --shell=none was already specified.\n");
+                else if (strcmp(argv[i], "--csh") == 0 ||
-                                exit(1);
+                    strcmp(argv[i], "--zsh") == 0 ||
-                        }
+                    strcmp(argv[i], "--shell=none") == 0 ||
-                        if (cfg.shell) {
+                    strncmp(argv[i], "--shell=", 8) == 0)
-                                fprintf(stderr, "Error: only one default user shell can be specified\n");
+                        fprintf(stderr, "Warning: shell-related command line options are disregarded - using SHELL environment variable");
-                                exit(1);
-                        }
-                        cfg.shell = "/bin/csh";
-                }
-                else if (strcmp(argv[i], "--zsh") == 0) {
-                        if (arg_shell_none) {
-                                fprintf(stderr, "Error: --shell=none was already specified.\n");
-                                exit(1);
-                        }
-                        if (cfg.shell) {
-                                fprintf(stderr, "Error: only one default user shell can be specified\n");
-                                exit(1);
-                        }
-                        cfg.shell = "/bin/zsh";
-                }
-                else if (strcmp(argv[i], "--shell=none") == 0) {
-                        arg_shell_none = 1;
-                        if (cfg.shell) {
-                                fprintf(stderr, "Error: a shell was already specified\n");
-                                exit(1);
-                        }
-                }
-                else if (strncmp(argv[i], "--shell=", 8) == 0) {
-                        if (arg_shell_none) {
-                                fprintf(stderr, "Error: --shell=none was already specified.\n");
-                                exit(1);
-                        }
-                        invalid_filename(argv[i] + 8);
-                        if (cfg.shell) {
-                                fprintf(stderr, "Error: only one user shell can be specified\n");
-                                exit(1);
-                        }
-                        cfg.shell = argv[i] + 8;
-                        if (is_dir(cfg.shell) || strstr(cfg.shell, "..")) {
-                                fprintf(stderr, "Error: invalid shell\n");
-                                exit(1);
-                        }
-                        // access call checks as real UID/GID, not as effective UID/GID
-                        if(cfg.chrootdir) {
-                                char *shellpath;
-                                if (asprintf(&shellpath, "%s%s", cfg.chrootdir, cfg.shell) == -1)
-                                        errExit("asprintf");
-                                if (access(shellpath, R_OK)) {
-                                        fprintf(stderr, "Error: cannot access shell file in chroot\n");
-                                        exit(1);
-                                }
-                                free(shellpath);
-                        } else if (access(cfg.shell, R_OK)) {
-                                fprintf(stderr, "Error: cannot access shell file\n");
-                                exit(1);
-                        }
-                }
        }
        // use $SHELL to get shell used in sandbox
-        if (!arg_shell_none && !cfg.shell) {
+        char *shell =  getenv("SHELL");
-                char *shell =  getenv("SHELL");
+        if (shell && access(shell, R_OK) == 0)
-                if (shell && access(shell, R_OK) == 0)
+                cfg.shell = shell;
-                        cfg.shell = shell;
-        }
        // guess shell otherwise
-        if (!arg_shell_none && !cfg.shell) {
+        if (!cfg.shell) {
                cfg.shell = guess_shell();
                if (arg_debug)
                        printf("Autoselecting %s as shell\n", cfg.shell);
        }
-        if (!arg_shell_none && !cfg.shell) {
+        if (!cfg.shell) {
-                fprintf(stderr, "Error: unable to guess your shell, please set explicitly by using --shell option.\n");
+                fprintf(stderr, "Error: unable to guess your shell, please set SHELL environment variable\n");
                exit(1);
        }
@@ -266,13 +210,11 @@ void run_no_sandbox(int argc, char **argv) {
                }
        }
-        if (!arg_shell_none) {
+        if (prog_index == 0) {
-                if (prog_index == 0) {
+                cfg.command_line = cfg.shell;
-                        cfg.command_line = cfg.shell;
+                cfg.window_title = cfg.shell;
-                        cfg.window_title = cfg.shell;
+        } else {
-                } else {
+                build_cmdline(&cfg.command_line, &cfg.window_title, argc, argv, prog_index);
-                        build_cmdline(&cfg.command_line, &cfg.window_title, argc, argv, prog_index);
-                }
        }
        cfg.original_argv = argv;

diff --git a/src/firejail/no_sandbox.c b/src/firejail/no_sandbox.c index 8af555ea2..07ac25dca 100644 --- a/src/firejail/no_sandbox.c +++ b/src/firejail/no_sandbox.c
@@ -165,84 +165,28 @@ void run_no_sandbox(int argc, char **argv) {
165	// process limited subset of options	165	// process limited subset of options
166	int i;	166	int i;
167	for (i = 0; i < argc; i++) {	167	for (i = 0; i < argc; i++) {
168	if (strcmp(argv[i], "--csh") == 0) {	168	if (strcmp(argv[i], "--debug") == 0)
169	if (arg_shell_none) {	169	arg_debug = 1;
170	fprintf(stderr, "Error: --shell=none was already specified.\n");	170	else if (strcmp(argv[i], "--csh") == 0 \|\|
171	exit(1);	171	strcmp(argv[i], "--zsh") == 0 \|\|
172	}	172	strcmp(argv[i], "--shell=none") == 0 \|\|
173	if (cfg.shell) {	173	strncmp(argv[i], "--shell=", 8) == 0)
174	fprintf(stderr, "Error: only one default user shell can be specified\n");	174	fprintf(stderr, "Warning: shell-related command line options are disregarded - using SHELL environment variable");
175	exit(1);
176	}
177	cfg.shell = "/bin/csh";
178	}
179	else if (strcmp(argv[i], "--zsh") == 0) {
180	if (arg_shell_none) {
181	fprintf(stderr, "Error: --shell=none was already specified.\n");
182	exit(1);
183	}
184	if (cfg.shell) {
185	fprintf(stderr, "Error: only one default user shell can be specified\n");
186	exit(1);
187	}
188	cfg.shell = "/bin/zsh";
189	}
190	else if (strcmp(argv[i], "--shell=none") == 0) {
191	arg_shell_none = 1;
192	if (cfg.shell) {
193	fprintf(stderr, "Error: a shell was already specified\n");
194	exit(1);
195	}
196	}
197	else if (strncmp(argv[i], "--shell=", 8) == 0) {
198	if (arg_shell_none) {
199	fprintf(stderr, "Error: --shell=none was already specified.\n");
200	exit(1);
201	}
202	invalid_filename(argv[i] + 8);
203
204	if (cfg.shell) {
205	fprintf(stderr, "Error: only one user shell can be specified\n");
206	exit(1);
207	}
208	cfg.shell = argv[i] + 8;
209
210	if (is_dir(cfg.shell) \|\| strstr(cfg.shell, "..")) {
211	fprintf(stderr, "Error: invalid shell\n");
212	exit(1);
213	}
214
215	// access call checks as real UID/GID, not as effective UID/GID
216	if(cfg.chrootdir) {
217	char *shellpath;
218	if (asprintf(&shellpath, "%s%s", cfg.chrootdir, cfg.shell) == -1)
219	errExit("asprintf");
220	if (access(shellpath, R_OK)) {
221	fprintf(stderr, "Error: cannot access shell file in chroot\n");
222	exit(1);
223	}
224	free(shellpath);
225	} else if (access(cfg.shell, R_OK)) {
226	fprintf(stderr, "Error: cannot access shell file\n");
227	exit(1);
228	}
229	}
230	}	175	}
231		176
232	// use $SHELL to get shell used in sandbox	177	// use $SHELL to get shell used in sandbox
233	if (!arg_shell_none && !cfg.shell) {	178	char *shell = getenv("SHELL");
234	char *shell = getenv("SHELL");	179	if (shell && access(shell, R_OK) == 0)
235	if (shell && access(shell, R_OK) == 0)	180	cfg.shell = shell;
236	cfg.shell = shell;	181
237	}
238	// guess shell otherwise	182	// guess shell otherwise
239	if (!arg_shell_none && !cfg.shell) {	183	if (!cfg.shell) {
240	cfg.shell = guess_shell();	184	cfg.shell = guess_shell();
241	if (arg_debug)	185	if (arg_debug)
242	printf("Autoselecting %s as shell\n", cfg.shell);	186	printf("Autoselecting %s as shell\n", cfg.shell);
243	}	187	}
244	if (!arg_shell_none && !cfg.shell) {	188	if (!cfg.shell) {
245	fprintf(stderr, "Error: unable to guess your shell, please set explicitly by using --shell option.\n");	189	fprintf(stderr, "Error: unable to guess your shell, please set SHELL environment variable\n");
246	exit(1);	190	exit(1);
247	}	191	}
248		192
@@ -266,13 +210,11 @@ void run_no_sandbox(int argc, char **argv) {
266	}	210	}
267	}	211	}
268		212
269	if (!arg_shell_none) {	213	if (prog_index == 0) {
270	if (prog_index == 0) {	214	cfg.command_line = cfg.shell;
271	cfg.command_line = cfg.shell;	215	cfg.window_title = cfg.shell;
272	cfg.window_title = cfg.shell;	216	} else {
273	} else {	217	build_cmdline(&cfg.command_line, &cfg.window_title, argc, argv, prog_index);
274	build_cmdline(&cfg.command_line, &cfg.window_title, argc, argv, prog_index);
275	}
276	}	218	}
277		219
278	cfg.original_argv = argv;	220	cfg.original_argv = argv;