From 4df89ed447a18d73f24a6fb1ea3d67e84448e09a Mon Sep 17 00:00:00 2001
From: netblue30
Date: Sun, 19 Jun 2022 16:14:40 -0400
Subject: shell none set as default (2)
---
 src/firejail/main.c | 30 ++++++++++++------------------
 src/firejail/sandbox.c | 21 ++++++++++++++++++++-
 2 files changed, 32 insertions(+), 19 deletions(-)
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 640605a6c..200a510a3 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -157,6 +157,7 @@ int arg_dbus_log_user = 0;
 int arg_dbus_log_system = 0;
 int arg_tab = 0;
 int login_shell = 0;
+int just_run_the_shell = 0;
 int parent_to_child_fds[2];
 int child_to_parent_fds[2];
@@ -795,15 +796,10 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
 if (checkcfg(CFG_JOIN) || getuid() == 0) {
 logargs(argc, argv);
- if (arg_shell_none) {
- if (argc <= (i+1)) {
- fprintf(stderr, "Error: --shell=none set, but no command specified\n");
- exit(1);
- }
- cfg.original_program_index = i + 1;
- }
-
- if (!cfg.shell && !arg_shell_none)
+ if (argc <= (i+1))
+ just_run_the_shell = 1;
+ cfg.original_program_index = i + 1;
+ if (!cfg.shell)
 cfg.shell = cfg.usershell;
 // join sandbox by pid or by name
@@ -821,19 +817,17 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
 if (checkcfg(CFG_JOIN) || getuid() == 0) {
 logargs(argc, argv);
- if (arg_shell_none) {
- if (argc <= (i+1)) {
- fprintf(stderr, "Error: --shell=none set, but no command specified\n");
- exit(1);
- }
- cfg.original_program_index = i + 1;
- }
+ if (argc <= (i+1))
+ just_run_the_shell = 1;
+ cfg.original_program_index = i + 1;
+
+ if (!cfg.shell)
+ cfg.shell = cfg.usershell;
+printf("***** %d\n", just_run_the_shell);
 // try to join by name only
 pid_t pid;
 if (!read_pid(argv[i] + 16, &pid)) {
- if (!cfg.shell && !arg_shell_none)
- cfg.shell = cfg.usershell;
 join(pid, argc, argv, i + 1);
 exit(0);
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 4ad9eb678..7f74635ec 100644
--- a/src/firejail/sandbox.c
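Review bot: In the first join block of `run_cmd_and_exit` (the `@@ -795` hunk), `cfg.original_program_index = i + 1;` is now assigned even when `argc <= (i+1)`, so with no command the index equals `argc` and every consumer that walks `argv` from it has to test `just_run_the_shell` first; the second join block (the `@@ -821` hunk) repeats the same pattern. The rewrite also drops `!arg_shell_none` from the fallback, so a join with `--shell=none` now gets `cfg.shell = cfg.usershell`; whether `join()` then passes the command line through that shell is outside these hunks and should be confirmed, because it changes how a joined command is interpreted. A comment above the assignment such as `/* no command given: run the user's shell; original_program_index is not a valid argv index in this case */` would record the invariant. The function starts and ends outside both hunks.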
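Review bot: The added `printf("***** %d\n", just_run_the_shell);` in the second join block (the `@@ -821` hunk) looks like leftover debug output: it is unindented, unconditional, and writes to stdout on every join through this path regardless of any quiet or debug setting. It should be removed before merge, or gated on a debug flag, for example `if (arg_debug) printf("just_run_the_shell %d\n", just_run_the_shell);`, assuming `arg_debug`, which sandbox.c tests in this same commit, is visible in main.c. Unexpected output from a sandbox launcher can also break callers that parse the joined command's stdout.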
+++ b/src/firejail/sandbox.c
@@ -51,6 +51,7 @@
 #endif
 static int force_nonewprivs = 0;
+extern int just_run_the_shell;
 static int monitored_pid = 0;
 static void sandbox_handler(int sig){
@@ -506,10 +507,28 @@ void start_application(int no_sandbox, int fd, char *set_sandbox_status) {
 printf("LD_PRELOAD=%s\n", getenv("LD_PRELOAD"));
 }
+ if (just_run_the_shell) {
+ char *arg[2];
+ arg[0] = cfg.usershell;
+ arg[1] = NULL;
+
+ if (!arg_command && !arg_quiet)
+ print_time();
+
+ __gcov_dump();
+
+ seccomp_install_filters();
+
+ if (set_sandbox_status)
+ *set_sandbox_status = SANDBOX_DONE;
+ execvp(arg[0], arg);
+
+
+ }
 //****************************************
 // start the program without using a shell
 //****************************************
- if (arg_shell_none) {
+ else if (arg_shell_none) {
 if (arg_debug) {
 int i;
 for (i = cfg.original_program_index; i < cfg.original_argc; i++) {
-- cgit v1.2.3-70-g09d2
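Review bot: `extern int just_run_the_shell;` is declared locally in sandbox.c (the `@@ -51` hunk) while the definition is added in main.c, so no single declaration is seen by both translation units and the compiler cannot catch the two drifting apart. Declaring it once in whatever header both files already include, beside the other option globals, would keep them in agreement. The name also departs from the prefix style of the neighbouring flags in main.c, such as `arg_tab`. If the local declaration stays, a comment like `/* set in main.c when a join option is given without a command */` would tell readers where the flag is written.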
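Review bot: The new `just_run_the_shell` branch in `start_application` (the `@@ -506` hunk) has only blank lines after `execvp(arg[0], arg);`, so a failed exec leaves the branch and depends on whatever follows the if/else chain, which is outside the hunk; adding `perror("execvp"); exit(1);` inside the branch would keep the failure path local, since the seccomp filters are already installed and the sandbox status is already set to `SANDBOX_DONE` at that point. The branch also executes `cfg.usershell` directly, whereas the main.c hunks of this commit use `cfg.usershell` only as the fallback for an unset `cfg.shell`, so a shell chosen by option appears to be ignored here; if that is not intended, `arg[0] = cfg.shell ? cfg.shell : cfg.usershell;` would match. Nothing visible guarantees `cfg.usershell` is non-NULL before it reaches `execvp`, so a guard is worth adding unless that is established elsewhere. The branch would also benefit from a banner comment like the `// start the program without using a shell` one that now sits between its closing brace and the `else if`.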