From 2131e7379f1fa2531321ee4b0ea50bcb2c8156b8 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Sat, 25 Mar 2017 11:44:02 -0400
Subject: reverted back commit 22414ad - TOCTOU condition found by Martin Carpenter
---
 src/firejail/fs.c | 2 ++
 src/firejail/profile.c | 15 ++-------------
 2 files changed, 4 insertions(+), 13 deletions(-)
(limited to 'src')
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index 3413febcb..e1bac33f3 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -481,6 +481,7 @@ void fs_mnt(void) {
 void fs_cache(void) {
+#if 0
 if (arg_debug)
 printf("Deploy ~/.cache tmpfs\n");
 char *cache;
@@ -488,6 +489,7 @@ void fs_cache(void) {
 errExit("asprintf");
 disable_file(MOUNT_TMPFS, cache);
 free(cache);
+#endif
 }
 // mount /proc and /sys directories
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 4b3cab041..993acf2aa 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -970,19 +970,8 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 ptr += 7;
 else if (strncmp(ptr, "tmpfs ", 6) == 0) {
 if (getuid() != 0) {
- // allow a non-root user to mount tmpfs in user home directory, links are not allowed
- invalid_filename(ptr + 6);
- char *newfname = expand_home(ptr + 6, cfg.homedir);
- assert(newfname);
- if (is_link(newfname)) {
- fprintf(stderr, "Error: for regular user, tmpfs is not available for symbolic links\n");
- exit(1);
- }
- if (strncmp(newfname, cfg.homedir, strlen(cfg.homedir)) != 0) {
- fprintf(stderr, "Error: for regular user, tmpfs is available only for files in user home directory\n");
- exit(1);
- }
- free(newfname);
+ fprintf(stderr, "Error: tmpfs available only when running the sandbox as root\n");
+ exit(1);
 }
 ptr += 6;
 }
-- cgit v1.2.3-70-g09d2
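Review bot: The `#if 0` … `#endif` pair (opened in the first fs.c hunk, closed in the second) leaves fs_cache() as an empty function with no comment giving the reason and no run-time message, so any configuration that still reaches it silently gets the real ~/.cache instead of a tmpfs. The callers are not visible in this diff, so whether an option still leads here needs confirming. I would record the reason above the guard, presumably the TOCTOU issue named in the subject, e.g. `// disabled: tmpfs mount on a user-controlled path is racy (TOCTOU), see profile_check_line()`. I would also print a warning outside the guard, e.g. `fprintf(stderr, "Warning: ~/.cache tmpfs is disabled\n");`, or delete the body and its callers rather than keep dead code.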
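Review bot: The new error in the `getuid() != 0` branch does not say which profile line was rejected, although `lineno` and `fname` are parameters of profile_check_line() (its body starts and ends outside the hunk). Something like `fprintf(stderr, "Error: line %d in %s: tmpfs available only when running the sandbox as root\n", lineno, fname);` would help, provided `fname` cannot be NULL on this path, which needs confirming. A short comment above the check, e.g. `// root only: validating the path here and mounting it later is a TOCTOU race on a user-writable directory`, would keep the removed check-then-mount logic from being reintroduced. This hunk covers profile files only; whether the command-line `--tmpfs` path enforces the same rule is not visible in this diff.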