diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/fs_dev.c | 14 | ||||
-rw-r--r-- | src/firejail/ls.c | 6 | ||||
-rw-r--r-- | src/firejail/main.c | 11 | ||||
-rw-r--r-- | src/firejail/util.c | 10 |
5 files changed, 39 insertions, 3 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index b526b5e00..9c4dcc9a6 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -369,6 +369,7 @@ char *expand_home(const char *path, const char* homedir); | |||
369 | const char *gnu_basename(const char *path); | 369 | const char *gnu_basename(const char *path); |
370 | uid_t pid_get_uid(pid_t pid); | 370 | uid_t pid_get_uid(pid_t pid); |
371 | void invalid_filename(const char *fname); | 371 | void invalid_filename(const char *fname); |
372 | uid_t get_tty_gid(void); | ||
372 | 373 | ||
373 | // fs_var.c | 374 | // fs_var.c |
374 | void fs_var_log(void); // mounting /var/log | 375 | void fs_var_log(void); // mounting /var/log |
diff --git a/src/firejail/fs_dev.c b/src/firejail/fs_dev.c index 5c645b8da..2fd450391 100644 --- a/src/firejail/fs_dev.c +++ b/src/firejail/fs_dev.c | |||
@@ -178,9 +178,21 @@ void fs_private_dev(void){ | |||
178 | create_char_dev("/dev/pts/ptmx", 0666, 5, 2); //"mknod -m 666 /dev/pts/ptmx c 5 2"); | 178 | create_char_dev("/dev/pts/ptmx", 0666, 5, 2); //"mknod -m 666 /dev/pts/ptmx c 5 2"); |
179 | fs_logger("mknod /dev/pts/ptmx"); | 179 | fs_logger("mknod /dev/pts/ptmx"); |
180 | create_link("/dev/pts/ptmx", "/dev/ptmx"); | 180 | create_link("/dev/pts/ptmx", "/dev/ptmx"); |
181 | |||
182 | // code before github issue #351 | ||
181 | // mount -vt devpts -o newinstance -o ptmxmode=0666 devpts //dev/pts | 183 | // mount -vt devpts -o newinstance -o ptmxmode=0666 devpts //dev/pts |
182 | if (mount("devpts", "/dev/pts", "devpts", MS_MGC_VAL, "newinstance,ptmxmode=0666") < 0) | 184 | // if (mount("devpts", "/dev/pts", "devpts", MS_MGC_VAL, "newinstance,ptmxmode=0666") < 0) |
185 | // errExit("mounting /dev/pts"); | ||
186 | |||
187 | |||
188 | // mount /dev/pts | ||
189 | gid_t ttygid = get_tty_gid(); | ||
190 | char *data; | ||
191 | if (asprintf(&data, "newinstance,gid=%d,mode=620,ptmxmode=0666", (int) ttygid) == -1) | ||
192 | errExit("asprintf"); | ||
193 | if (mount("devpts", "/dev/pts", "devpts", MS_MGC_VAL, data) < 0) | ||
183 | errExit("mounting /dev/pts"); | 194 | errExit("mounting /dev/pts"); |
195 | free(data); | ||
184 | fs_logger("clone /dev/pts"); | 196 | fs_logger("clone /dev/pts"); |
185 | 197 | ||
186 | #if 0 | 198 | #if 0 |
diff --git a/src/firejail/ls.c b/src/firejail/ls.c index b814af445..90ef43a62 100644 --- a/src/firejail/ls.c +++ b/src/firejail/ls.c | |||
@@ -255,6 +255,12 @@ void ls(pid_t pid, const char *path) { | |||
255 | exit(1); | 255 | exit(1); |
256 | } | 256 | } |
257 | 257 | ||
258 | // access chek is performed with the real UID | ||
259 | if (access(fname, R_OK) == -1) { | ||
260 | fprintf(stderr, "Error: Cannot access file %s\n", fname); | ||
261 | exit(1); | ||
262 | } | ||
263 | |||
258 | // list directory contents | 264 | // list directory contents |
259 | struct stat s; | 265 | struct stat s; |
260 | if (stat(fname, &s) == -1) { | 266 | if (stat(fname, &s) == -1) { |
diff --git a/src/firejail/main.c b/src/firejail/main.c index 68606a313..e2f197a92 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -1746,8 +1746,15 @@ int main(int argc, char **argv) { | |||
1746 | if (asprintf(&map_path, "/proc/%d/gid_map", child) == -1) | 1746 | if (asprintf(&map_path, "/proc/%d/gid_map", child) == -1) |
1747 | errExit("asprintf"); | 1747 | errExit("asprintf"); |
1748 | gid_t gid = getgid(); | 1748 | gid_t gid = getgid(); |
1749 | if (asprintf(&map, "%d %d 1", gid, gid) == -1) | 1749 | gid_t ttygid = get_tty_gid(); |
1750 | errExit("asprintf"); | 1750 | if (ttygid == 0) { |
1751 | if (asprintf(&map, "%d %d 1", gid, gid) == -1) | ||
1752 | errExit("asprintf"); | ||
1753 | } | ||
1754 | else { | ||
1755 | if (asprintf(&map, "%d %d 1\n%d %d 1", gid, gid, ttygid, ttygid) == -1) | ||
1756 | errExit("asprintf"); | ||
1757 | } | ||
1751 | EUID_ROOT(); | 1758 | EUID_ROOT(); |
1752 | update_map(map, map_path); | 1759 | update_map(map, map_path); |
1753 | EUID_USER(); | 1760 | EUID_USER(); |
diff --git a/src/firejail/util.c b/src/firejail/util.c index 3463095f9..c62f4285c 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
@@ -629,3 +629,13 @@ void invalid_filename(const char *fname) { | |||
629 | exit(1); | 629 | exit(1); |
630 | } | 630 | } |
631 | } | 631 | } |
632 | |||
633 | uid_t get_tty_gid(void) { | ||
634 | // find tty group id | ||
635 | gid_t ttygid = 0; | ||
636 | struct group *g = getgrnam("tty"); | ||
637 | if (g) | ||
638 | ttygid = g->gr_gid; | ||
639 | |||
640 | return ttygid; | ||
641 | } | ||