From 5c85f2e8eef026fe8463500383a0e61f346d610c Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Sun, 3 Jul 2016 09:33:17 -0400
Subject: audit: checking files

---
 src/faudit/files.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 src/faudit/main.c  |  3 +++
 2 files changed, 76 insertions(+)
 create mode 100644 src/faudit/files.c

(limited to 'src/faudit')

diff --git a/src/faudit/files.c b/src/faudit/files.c
new file mode 100644
index 000000000..0463af66d
--- /dev/null
+++ b/src/faudit/files.c
@@ -0,0 +1,73 @@
+/*
+ * Copyright (C) 2014-2016 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#include "faudit.h"
+#include <fcntl.h>
+#include <pwd.h>
+
+static char *username = NULL;
+static char *homedir = NULL;
+
+static void check_home_file(const char *name) {
+	assert(homedir);
+	
+	char *fname;
+	if (asprintf(&fname, "%s/%s", homedir, name) ==  -1)
+		errExit("asprintf");
+
+	if (access(fname, R_OK) == 0)
+		printf("UGLY: I can access files in %s directory\n", fname);
+	else
+		printf("GOOD: I cannot access files in %s directory\n", fname);
+	
+	free(fname);
+}
+
+void files_test(void) {
+	struct passwd *pw = getpwuid(getuid());
+	if (!pw) {
+		fprintf(stderr, "Error: cannot retrive user account information\n");
+		return;
+	}
+	
+	username = strdup(pw->pw_name);
+	if (!username)
+		errExit("strdup");
+	homedir = strdup(pw->pw_dir);
+	if (!homedir)
+		errExit("strdup");
+	
+	// check access to .ssh directory
+	check_home_file(".ssh");
+
+	// check access to .gnupg directory
+	check_home_file(".gnupg");
+
+	// check access to Firefox browser directory
+	check_home_file(".mozilla");
+
+	// check access to Chromium browser directory
+	check_home_file(".config/chromium");
+	
+	// check access to Debian Icedove directory
+	check_home_file(".icedove");
+	
+	// check access to Thunderbird directory
+	check_home_file(".thunderbird");
+}
diff --git a/src/faudit/main.c b/src/faudit/main.c
index cd358cc1a..2ed3aa2e1 100644
--- a/src/faudit/main.c
+++ b/src/faudit/main.c
@@ -53,6 +53,9 @@ int main(int argc, char **argv) {
 	// check seccomp
 	seccomp_test();
 	
+	// check some well-known problematic files
+	files_test();
+	
 	free(prog);
 	printf("--------------------------------------------------------------------------------\n");
 	return 0;
-- 
cgit v1.2.3-54-g00ecf