From e69c1df95e604db3945538ee9c1f72c8fbe89483 Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Mon, 27 Nov 2023 03:31:21 -0300 Subject: feature: expand simple macros in more commands This includes macros such as `${HOME}` and `${RUNUSER}`. Commands: * --chroot= * --netfilter= * --netfilter6= * --trace= Closes #6032. Reported-by: @michelesr --- src/firejail/main.c | 40 ++++------------------------------------ src/firejail/profile.c | 8 ++------ 2 files changed, 6 insertions(+), 42 deletions(-) diff --git a/src/firejail/main.c b/src/firejail/main.c index 0c9c80137..0327f8bda 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c @@ -1572,7 +1572,7 @@ int main(int argc, char **argv, char **envp) { arg_trace = 1; else if (strncmp(argv[i], "--trace=", 8) == 0) { arg_trace = 1; - arg_tracefile = argv[i] + 8; + arg_tracefile = expand_macros(argv[i] + 8); if (*arg_tracefile == '\0') { fprintf(stderr, "Error: invalid trace option\n"); exit(1); @@ -1582,13 +1582,6 @@ int main(int argc, char **argv, char **envp) { fprintf(stderr, "Error: invalid file name %s\n", arg_tracefile); exit(1); } - // if the filename starts with ~, expand the home directory - if (*arg_tracefile == '~') { - char *tmp; - if (asprintf(&tmp, "%s%s", cfg.homedir, arg_tracefile + 1) == -1) - errExit("asprintf"); - arg_tracefile = tmp; - } } else if (strcmp(argv[i], "--tracelog") == 0) { if (checkcfg(CFG_TRACELOG)) @@ -1953,20 +1946,13 @@ int main(int argc, char **argv, char **envp) { } // extract chroot dirname - cfg.chrootdir = argv[i] + 9; + cfg.chrootdir = expand_macros(argv[i] + 9); if (*cfg.chrootdir == '\0') { fprintf(stderr, "Error: invalid chroot option\n"); exit(1); } invalid_filename(cfg.chrootdir, 0); // no globbing - // if the directory starts with ~, expand the home directory - if (*cfg.chrootdir == '~') { - char *tmp; - if (asprintf(&tmp, "%s%s", cfg.homedir, cfg.chrootdir + 1) == -1) - errExit("asprintf"); - cfg.chrootdir = tmp; - } // check chroot directory fs_check_chroot_dir(); } @@ -2748,16 +2734,7 @@ int main(int argc, char **argv, char **envp) { else if (strncmp(argv[i], "--netfilter=", 12) == 0) { if (checkcfg(CFG_NETWORK)) { arg_netfilter = 1; - arg_netfilter_file = argv[i] + 12; - - // expand tilde - if (*arg_netfilter_file == '~') { - char *tmp; - if (asprintf(&tmp, "%s%s", cfg.homedir, arg_netfilter_file + 1) == -1) - errExit("asprintf"); - arg_netfilter_file = tmp; - } - + arg_netfilter_file = expand_macros(argv[i] + 12); check_netfilter_file(arg_netfilter_file); } else @@ -2767,16 +2744,7 @@ int main(int argc, char **argv, char **envp) { else if (strncmp(argv[i], "--netfilter6=", 13) == 0) { if (checkcfg(CFG_NETWORK)) { arg_netfilter6 = 1; - arg_netfilter6_file = argv[i] + 13; - - // expand tilde - if (*arg_netfilter6_file == '~') { - char *tmp; - if (asprintf(&tmp, "%s%s", cfg.homedir, arg_netfilter6_file + 1) == -1) - errExit("asprintf"); - arg_netfilter6_file = tmp; - } - + arg_netfilter6_file = expand_macros(argv[i] + 13); check_netfilter_file(arg_netfilter6_file); } else diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 8cc5c1166..0f60e9b7d 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c @@ -635,9 +635,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { #ifdef HAVE_NETWORK if (checkcfg(CFG_NETWORK)) { arg_netfilter = 1; - arg_netfilter_file = strdup(ptr + 10); - if (!arg_netfilter_file) - errExit("strdup"); + arg_netfilter_file = expand_macros(ptr + 10); check_netfilter_file(arg_netfilter_file); } else @@ -649,9 +647,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { #ifdef HAVE_NETWORK if (checkcfg(CFG_NETWORK)) { arg_netfilter6 = 1; - arg_netfilter6_file = strdup(ptr + 11); - if (!arg_netfilter6_file) - errExit("strdup"); + arg_netfilter6_file = expand_macros(ptr + 11); check_netfilter_file(arg_netfilter6_file); } else -- cgit v1.2.3-70-g09d2