diff options
Diffstat (limited to 'src/firejail/no_sandbox.c')
-rw-r--r-- | src/firejail/no_sandbox.c | 96 |
1 files changed, 19 insertions, 77 deletions
diff --git a/src/firejail/no_sandbox.c b/src/firejail/no_sandbox.c index 8af555ea2..07ac25dca 100644 --- a/src/firejail/no_sandbox.c +++ b/src/firejail/no_sandbox.c | |||
@@ -165,84 +165,28 @@ void run_no_sandbox(int argc, char **argv) { | |||
165 | // process limited subset of options | 165 | // process limited subset of options |
166 | int i; | 166 | int i; |
167 | for (i = 0; i < argc; i++) { | 167 | for (i = 0; i < argc; i++) { |
168 | if (strcmp(argv[i], "--csh") == 0) { | 168 | if (strcmp(argv[i], "--debug") == 0) |
169 | if (arg_shell_none) { | 169 | arg_debug = 1; |
170 | fprintf(stderr, "Error: --shell=none was already specified.\n"); | 170 | else if (strcmp(argv[i], "--csh") == 0 || |
171 | exit(1); | 171 | strcmp(argv[i], "--zsh") == 0 || |
172 | } | 172 | strcmp(argv[i], "--shell=none") == 0 || |
173 | if (cfg.shell) { | 173 | strncmp(argv[i], "--shell=", 8) == 0) |
174 | fprintf(stderr, "Error: only one default user shell can be specified\n"); | 174 | fprintf(stderr, "Warning: shell-related command line options are disregarded - using SHELL environment variable"); |
175 | exit(1); | ||
176 | } | ||
177 | cfg.shell = "/bin/csh"; | ||
178 | } | ||
179 | else if (strcmp(argv[i], "--zsh") == 0) { | ||
180 | if (arg_shell_none) { | ||
181 | fprintf(stderr, "Error: --shell=none was already specified.\n"); | ||
182 | exit(1); | ||
183 | } | ||
184 | if (cfg.shell) { | ||
185 | fprintf(stderr, "Error: only one default user shell can be specified\n"); | ||
186 | exit(1); | ||
187 | } | ||
188 | cfg.shell = "/bin/zsh"; | ||
189 | } | ||
190 | else if (strcmp(argv[i], "--shell=none") == 0) { | ||
191 | arg_shell_none = 1; | ||
192 | if (cfg.shell) { | ||
193 | fprintf(stderr, "Error: a shell was already specified\n"); | ||
194 | exit(1); | ||
195 | } | ||
196 | } | ||
197 | else if (strncmp(argv[i], "--shell=", 8) == 0) { | ||
198 | if (arg_shell_none) { | ||
199 | fprintf(stderr, "Error: --shell=none was already specified.\n"); | ||
200 | exit(1); | ||
201 | } | ||
202 | invalid_filename(argv[i] + 8); | ||
203 | |||
204 | if (cfg.shell) { | ||
205 | fprintf(stderr, "Error: only one user shell can be specified\n"); | ||
206 | exit(1); | ||
207 | } | ||
208 | cfg.shell = argv[i] + 8; | ||
209 | |||
210 | if (is_dir(cfg.shell) || strstr(cfg.shell, "..")) { | ||
211 | fprintf(stderr, "Error: invalid shell\n"); | ||
212 | exit(1); | ||
213 | } | ||
214 | |||
215 | // access call checks as real UID/GID, not as effective UID/GID | ||
216 | if(cfg.chrootdir) { | ||
217 | char *shellpath; | ||
218 | if (asprintf(&shellpath, "%s%s", cfg.chrootdir, cfg.shell) == -1) | ||
219 | errExit("asprintf"); | ||
220 | if (access(shellpath, R_OK)) { | ||
221 | fprintf(stderr, "Error: cannot access shell file in chroot\n"); | ||
222 | exit(1); | ||
223 | } | ||
224 | free(shellpath); | ||
225 | } else if (access(cfg.shell, R_OK)) { | ||
226 | fprintf(stderr, "Error: cannot access shell file\n"); | ||
227 | exit(1); | ||
228 | } | ||
229 | } | ||
230 | } | 175 | } |
231 | 176 | ||
232 | // use $SHELL to get shell used in sandbox | 177 | // use $SHELL to get shell used in sandbox |
233 | if (!arg_shell_none && !cfg.shell) { | 178 | char *shell = getenv("SHELL"); |
234 | char *shell = getenv("SHELL"); | 179 | if (shell && access(shell, R_OK) == 0) |
235 | if (shell && access(shell, R_OK) == 0) | 180 | cfg.shell = shell; |
236 | cfg.shell = shell; | 181 | |
237 | } | ||
238 | // guess shell otherwise | 182 | // guess shell otherwise |
239 | if (!arg_shell_none && !cfg.shell) { | 183 | if (!cfg.shell) { |
240 | cfg.shell = guess_shell(); | 184 | cfg.shell = guess_shell(); |
241 | if (arg_debug) | 185 | if (arg_debug) |
242 | printf("Autoselecting %s as shell\n", cfg.shell); | 186 | printf("Autoselecting %s as shell\n", cfg.shell); |
243 | } | 187 | } |
244 | if (!arg_shell_none && !cfg.shell) { | 188 | if (!cfg.shell) { |
245 | fprintf(stderr, "Error: unable to guess your shell, please set explicitly by using --shell option.\n"); | 189 | fprintf(stderr, "Error: unable to guess your shell, please set SHELL environment variable\n"); |
246 | exit(1); | 190 | exit(1); |
247 | } | 191 | } |
248 | 192 | ||
@@ -266,13 +210,11 @@ void run_no_sandbox(int argc, char **argv) { | |||
266 | } | 210 | } |
267 | } | 211 | } |
268 | 212 | ||
269 | if (!arg_shell_none) { | 213 | if (prog_index == 0) { |
270 | if (prog_index == 0) { | 214 | cfg.command_line = cfg.shell; |
271 | cfg.command_line = cfg.shell; | 215 | cfg.window_title = cfg.shell; |
272 | cfg.window_title = cfg.shell; | 216 | } else { |
273 | } else { | 217 | build_cmdline(&cfg.command_line, &cfg.window_title, argc, argv, prog_index); |
274 | build_cmdline(&cfg.command_line, &cfg.window_title, argc, argv, prog_index); | ||
275 | } | ||
276 | } | 218 | } |
277 | 219 | ||
278 | cfg.original_argv = argv; | 220 | cfg.original_argv = argv; |