From 4b4d752158e2a7164765c6c7247ef8b4d6014689 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Mon, 20 Jun 2022 08:18:13 -0400
Subject: deprecating --shell (#5196)
---
 src/firejail/env.c | 5 +--
 src/firejail/firejail.h | 2 --
 src/firejail/fs_home.c | 4 +--
 src/firejail/fs_lib.c | 21 ++++++-----
 src/firejail/join.c | 18 +++++-----
 src/firejail/main.c | 88 +++++------------------------------------------
 src/firejail/no_sandbox.c | 14 ++------
 src/firejail/profile.c | 3 --
 src/firejail/sandbox.c | 18 +++++-----
 9 files changed, 40 insertions(+), 133 deletions(-)
(limited to 'src')
diff --git a/src/firejail/env.c b/src/firejail/env.c
index 548e8102d..8d2b9ea5a 100644
--- a/src/firejail/env.c
+++ b/src/firejail/env.c
@@ -118,10 +118,7 @@ void env_defaults(void) {
 // env_store_name_val("QTWEBENGINE_DISABLE_SANDBOX", "1", SETENV);
 // env_store_name_val("MOZ_NO_REMOTE, "1", SETENV);
 env_store_name_val("container", "firejail", SETENV); // LXC sets container=lxc,
- if (!cfg.shell)
- cfg.shell = cfg.usershell;
- if (cfg.shell)
- env_store_name_val("SHELL", cfg.shell, SETENV);
+ env_store_name_val("SHELL", cfg.usershell, SETENV);
 // spawn KIO slaves inside the sandbox
 env_store_name_val("KDE_FORK_SLAVES", "1", SETENV);
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 325524379..a403767fb 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -217,7 +217,6 @@ typedef struct config_t {
 char *command_line;
 char *window_title;
 char *command_name;
- char *shell;
 char **original_argv;
 int original_argc;
 int original_program_index;
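Review bot: In env_defaults() (src/firejail/env.c) the new `env_store_name_val("SHELL", cfg.usershell, SETENV);` passes cfg.usershell without the NULL guard that the removed `if (cfg.shell)` provided. The "unable to guess your shell" checks this commit deletes from main.c and no_sandbox.c imply cfg.usershell can be NULL, and the same unguarded use recurs in skel() in fs_home.c (`strcmp(cfg.usershell, ...)`), the debug printf in fs_private_lib(), join(), run_no_sandbox() and the appimage branch of start_application(). In a launcher that switches effective UIDs (see the EUID_* calls elsewhere in this diff) I would keep the guard here, `if (cfg.usershell) env_store_name_val("SHELL", cfg.usershell, SETENV);`, and fail with an explicit error at the places where a shell is actually required. Whether usershell is guaranteed non-NULL where it is assigned is not visible in this diff, and env_defaults() continues outside the hunk.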
@@ -310,7 +309,6 @@ extern char *arg_netfilter_file; // netfilter file
 extern char *arg_netfilter6_file; // netfilter file
 extern char *arg_netns; // "ip netns"-created network namespace to use
 extern int arg_doubledash; // double dash
-extern int arg_shell_none; // run the program directly without a shell
 extern int arg_private_dev; // private dev directory
 extern int arg_keep_dev_shm; // preserve /dev/shm
 extern int arg_private_etc; // private etc directory
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c
index 061461590..8c4cb3d4f 100644
--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -62,7 +62,7 @@ static void skel(const char *homedir) {
 disable_tab_completion(homedir);
 // zsh
- if (!arg_shell_none && (strcmp(cfg.shell,"/usr/bin/zsh") == 0 || strcmp(cfg.shell,"/bin/zsh") == 0)) {
+ if (strcmp(cfg.usershell,"/usr/bin/zsh") == 0 || strcmp(cfg.usershell,"/bin/zsh") == 0) {
 // copy skel files
 if (asprintf(&fname, "%s/.zshrc", homedir) == -1)
 errExit("asprintf");
@@ -86,7 +86,7 @@ static void skel(const char *homedir) {
 free(fname);
 }
 // csh
- else if (!arg_shell_none && strcmp(cfg.shell,"/bin/csh") == 0) {
+ else if (strcmp(cfg.usershell,"/bin/csh") == 0) {
 // copy skel files
 if (asprintf(&fname, "%s/.cshrc", homedir) == -1)
 errExit("asprintf");
diff --git a/src/firejail/fs_lib.c b/src/firejail/fs_lib.c
index 848691a56..5d6d81ae1 100644
--- a/src/firejail/fs_lib.c
+++ b/src/firejail/fs_lib.c
@@ -392,8 +392,7 @@ void fs_private_lib(void) {
 char *private_list = cfg.lib_private_keep;
 if (arg_debug || arg_debug_private_lib)
 printf("Starting private-lib processing: program %s, shell %s\n",
- (cfg.original_program_index > 0)? cfg.original_argv[cfg.original_program_index]: "none",
- (arg_shell_none)? "none": cfg.shell);
+ (cfg.original_program_index > 0)? cfg.original_argv[cfg.original_program_index]: "none", cfg.usershell);
 // create /run/firejail/mnt/lib directory
 mkdir_attr(RUN_LIB_DIR, 0755, 0, 0);
@@ -430,15 +429,15 @@ void fs_private_lib(void) {
 }
 }
- // for the shell
- if (!arg_shell_none) {
- if (arg_debug || arg_debug_private_lib)
- printf("Installing shell libraries\n");
-
- fslib_install_list(cfg.shell);
- // a shell is useless without some basic commands
- fslib_install_list("/bin/ls,/bin/cat,/bin/mv,/bin/rm");
- }
+// Note: this might be used for appimages!!!
+// if (!arg_shell_none) {
+// if (arg_debug || arg_debug_private_lib)
+// printf("Installing shell libraries\n");
+//
+// fslib_install_list(cfg.shell);
+// // a shell is useless without some basic commands
+// fslib_install_list("/bin/ls,/bin/cat,/bin/mv,/bin/rm");
+// }
 // for the listed libs and directories
 if (private_list && *private_list != '\0') {
diff --git a/src/firejail/join.c b/src/firejail/join.c
index b47089b0e..7bfe47059 100644
--- a/src/firejail/join.c
+++ b/src/firejail/join.c
@@ -113,14 +113,13 @@ static void extract_command(int argc, char **argv, int index) {
 static int open_shell(void) {
 EUID_ASSERT();
- assert(cfg.shell);
 if (arg_debug)
- printf("Opening shell %s\n", cfg.shell);
+ printf("Opening shell %s\n", cfg.usershell);
 // file descriptor will leak if not opened with O_CLOEXEC !!
- int fd = open(cfg.shell, O_PATH|O_CLOEXEC);
+ int fd = open(cfg.usershell, O_PATH|O_CLOEXEC);
 if (fd == -1) {
- fprintf(stderr, "Error: cannot open shell %s\n", cfg.shell);
+ fprintf(stderr, "Error: cannot open shell %s\n", cfg.usershell);
 exit(1);
 }
@@ -411,8 +410,9 @@ void join(pid_t pid, int argc, char **argv, int index) {
 extract_x11_display(pid);
 int shfd = -1;
- if (!arg_shell_none)
- shfd = open_shell();
+// Note: this might be used by joining appimages!!!!
+// if (!arg_shell_none)
+// shfd = open_shell();
 // in user mode set caps seccomp, cpu etc.
 if (getuid() != 0) {
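Review bot: In fs_private_lib() (src/firejail/fs_lib.c) the shell-library install is commented out rather than made conditional, although the sandbox.c part of this commit still launches appimages through cfg.usershell. With private-lib active, an appimage run would then find neither the shell's libraries nor those of /bin/ls, /bin/cat, /bin/mv and /bin/rm in the private lib directory; the `// Note: this might be used for appimages!!!` comment suggests the gap is known but unresolved. I would keep the block live under the condition that still needs it, e.g. `if (arg_appimage) { fslib_install_list(cfg.usershell); fslib_install_list("/bin/ls,/bin/cat,/bin/mv,/bin/rm"); }`, and delete the commented-out copy. This assumes arg_appimage is visible in this file, which the diff does not show.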
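Review bot: In join() (src/firejail/join.c) the `shfd = open_shell();` call is commented out rather than removed or re-gated, so `shfd` is always -1 from here on and the static open_shell() updated earlier in this file has no caller left in the visible code (expect an unused-function warning). The descriptor was opened with O_PATH|O_CLOEXEC ahead of the rest of join(); whatever consumes shfd further down, outside this hunk, must now cope with -1, and if it falls back to looking the shell up by path, that lookup presumably happens against the joined sandbox's filesystem rather than the caller's, which is worth confirming for the appimage case the comment mentions. I would either delete open_shell() and shfd together, or keep the call behind the condition that still needs it, e.g. `if (arg_appimage) shfd = open_shell();`. join()'s body continues beyond the hunk.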
@@ -516,10 +516,8 @@ void join(pid_t pid, int argc, char **argv, int index) {
 #endif
 extract_command(argc, argv, index);
- if (cfg.command_line == NULL) {
- assert(cfg.shell);
- cfg.window_title = cfg.shell;
- }
+ if (cfg.command_line == NULL)
+ cfg.window_title = cfg.usershell;
 else if (arg_debug)
 printf("Extracted command #%s#\n", cfg.command_line);
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 1554209b9..6466be7d4 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -105,7 +105,6 @@ char *arg_netfilter_file = NULL; // netfilter file
 char *arg_netfilter6_file = NULL; // netfilter6 file
 char *arg_netns = NULL; // "ip netns"-created network namespace to use
 int arg_doubledash = 0; // double dash
-int arg_shell_none = 1; // run the program directly without a shell
 int arg_private_dev = 0; // private dev directory
 int arg_keep_dev_shm = 0; // preserve /dev/shm
 int arg_private_etc = 0; // private etc directory
@@ -799,8 +798,6 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
 if (argc <= (i+1))
 just_run_the_shell = 1;
 cfg.original_program_index = i + 1;
- if (!cfg.shell)
- cfg.shell = cfg.usershell;
 // join sandbox by pid or by name
 pid_t pid = require_pid(argv[i] + 7);
@@ -821,10 +818,6 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
 just_run_the_shell = 1;
 cfg.original_program_index = i + 1;
- if (!cfg.shell)
- cfg.shell = cfg.usershell;
-
-printf("***** %d\n", just_run_the_shell);
 // try to join by name only
 pid_t pid;
 if (!read_pid(argv[i] + 16, &pid)) {
@@ -847,9 +840,6 @@ printf("***** %d\n", just_run_the_shell); exit(1); } - if (!cfg.shell) - cfg.shell = cfg.usershell; - // join sandbox by pid or by name pid_t pid = require_pid(argv[i] + 15); join(pid, argc, argv, i + 1);
@@ -867,9 +857,6 @@ printf("***** %d\n", just_run_the_shell); exit(1); } - if (!cfg.shell) - cfg.shell = cfg.usershell; - // join sandbox by pid or by name pid_t pid = require_pid(argv[i] + 18); join(pid, argc, argv, i + 1);
@@ -2685,45 +2672,9 @@ int main(int argc, char **argv, char **envp) {
 else if (strncmp(argv[i], "--oom=", 6) == 0) {
 // already handled
 }
- else if (strcmp(argv[i], "--shell=none") == 0) {
- fprintf(stderr, "Warning: --shell=none is done by default; the command will be deprecated\n");
- if (cfg.shell) {
- fprintf(stderr, "Error: a shell was already specified\n");
- return 1;
- }
- }
 else if (strncmp(argv[i], "--shell=", 8) == 0) {
- if (arg_shell_none) {
- fprintf(stderr, "Error: --shell=none was already specified.\n");
- return 1;
- }
- invalid_filename(argv[i] + 8, 0); // no globbing
-
- if (cfg.shell) {
- fprintf(stderr, "Error: only one user shell can be specified\n");
- return 1;
- }
- cfg.shell = argv[i] + 8;
-
- if (is_dir(cfg.shell) || strstr(cfg.shell, "..")) {
- fprintf(stderr, "Error: invalid shell\n");
- exit(1);
- }
-
- // access call checks as real UID/GID, not as effective UID/GID
- if(cfg.chrootdir) {
- char *shellpath;
- if (asprintf(&shellpath, "%s%s", cfg.chrootdir, cfg.shell) == -1)
- errExit("asprintf");
- if (access(shellpath, X_OK)) {
- fprintf(stderr, "Error: cannot access shell file in chroot\n");
- exit(1);
- }
- free(shellpath);
- } else if (access(cfg.shell, X_OK)) {
- fprintf(stderr, "Error: cannot access shell file\n");
- exit(1);
- }
+ fprintf(stderr, "Warning: --shell feature has been deprecated\n");
+ exit(1);
 }
 else if (strcmp(argv[i], "-c") == 0) {
 arg_command = 1;
@@ -2785,9 +2736,6 @@ int main(int argc, char **argv, char **envp) {
 cfg.command_name = strdup(argv[i]);
 if (!cfg.command_name)
 errExit("strdup");
-
- // disable shell=* for appimages
- arg_shell_none = 0;
 }
 else
 extract_command_name(i, argv);
@@ -2814,12 +2762,6 @@ int main(int argc, char **argv, char **envp) {
 }
 }
- // prog_index could still be -1 if no program was specified
- if (prog_index == -1 && arg_shell_none) {
- just_run_the_shell = 1;
- if (!cfg.shell)
- cfg.shell = cfg.usershell;
- }
 // check trace configuration
 if (arg_trace && arg_tracelog) {
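Review bot: The remaining `--shell=` branch in main() prints `Warning: --shell feature has been deprecated` and then calls `exit(1)`, so the message says warning while the behaviour is a hard error. Because the `--shell=none` branch above it is deleted, `--shell=none` now also matches this `strncmp(argv[i], "--shell=", 8)` test and aborts, although the removed code accepted it as the default; existing launchers and scripts that pass it will stop starting. I would keep `--shell=none` as a warned no-op and reword the fatal case, e.g. `if (strcmp(argv[i] + 8, "none") != 0) { fprintf(stderr, "Error: --shell is no longer supported\n"); exit(1); }`. Whether profiles that contain a `shell none` line are still accepted is not visible in this diff.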
@@ -2863,27 +2805,18 @@ int main(int argc, char **argv, char **envp) { free(msg); } - // guess shell if unspecified - if (!arg_shell_none && !cfg.shell) { - cfg.shell = cfg.usershell; - if (!cfg.shell) { - fprintf(stderr, "Error: unable to guess your shell, please set explicitly by using --shell option.\n"); - exit(1); - } - if (arg_debug) - printf("Autoselecting %s as shell\n", cfg.shell); - } - // build the sandbox command - if (prog_index == -1 && cfg.shell) { - assert(cfg.command_line == NULL); // runs cfg.shell + if (prog_index == -1) { + just_run_the_shell = 1; + + assert(cfg.command_line == NULL); // runs the user shell if (arg_appimage) { fprintf(stderr, "Error: no appimage archive specified\n"); exit(1); } - cfg.window_title = cfg.shell; - cfg.command_name = cfg.shell; + cfg.window_title = cfg.usershell; + cfg.command_name = cfg.usershell; } else if (arg_appimage) { if (arg_debug)
@@ -2907,11 +2840,8 @@ int main(int argc, char **argv, char **envp) {
 // load the profile
 if (!arg_noprofile && !custom_profile) {
- if (arg_appimage) {
+ if (arg_appimage)
 custom_profile = appimage_find_profile(cfg.command_name);
- // disable shell=* for appimages
- arg_shell_none = 0;
- }
 else
 custom_profile = profile_find_firejail(cfg.command_name, 1);
 }
diff --git a/src/firejail/no_sandbox.c b/src/firejail/no_sandbox.c
index 62b701c4d..f5e287e32 100644
--- a/src/firejail/no_sandbox.c
+++ b/src/firejail/no_sandbox.c
@@ -189,25 +189,15 @@ void run_no_sandbox(int argc, char **argv) { } if (prog_index == 0) { - // got no command, require a shell and try to execute it - cfg.shell = cfg.usershell; - if (!cfg.shell) { - fprintf(stderr, "Error: unable to guess your shell, please set SHELL environment variable\n"); - exit(1); - } - assert(cfg.command_line == NULL); - cfg.window_title = cfg.shell; + cfg.window_title = cfg.usershell; } else { // this sandbox might not allow execution of a shell - // force --shell=none in order to not break firecfg symbolic links - arg_shell_none = 1; - build_cmdline(&cfg.command_line, &cfg.window_title, argc, argv, prog_index, true); } fwarning("an existing sandbox was detected. " - "%s will run without any additional sandboxing features\n", prog_index ? argv[prog_index] : cfg.shell); + "%s will run without any additional sandboxing features\n", prog_index ? argv[prog_index] : cfg.usershell); cfg.original_argv = argv; cfg.original_program_index = prog_index;
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index b0389fc3f..1a83a0628 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -1561,9 +1561,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { int r = name2pid(ptr + 14, &pid); EUID_USER(); if (!r) { - if (!cfg.shell && !arg_shell_none) - cfg.shell = cfg.usershell; - // find first non-option arg int i; for (i = 1; i < cfg.original_argc && strncmp(cfg.original_argv[i], "--", 2) != 0; i++);
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 7f74635ec..6b84faf13 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -528,7 +528,7 @@ void start_application(int no_sandbox, int fd, char *set_sandbox_status) {
 //****************************************
 // start the program without using a shell
 //****************************************
- else if (arg_shell_none) {
+ else if (!arg_appimage) {
 if (arg_debug) {
 int i;
 for (i = cfg.original_program_index; i < cfg.original_argc; i++) {
@@ -560,17 +560,15 @@ void start_application(int no_sandbox, int fd, char *set_sandbox_status) {
 execvp(cfg.original_argv[cfg.original_program_index], &cfg.original_argv[cfg.original_program_index]);
 }
 //****************************************
- // start the program using a shell
+ // start the program using a shell (appimages)
 //****************************************
- else {
- assert(cfg.shell);
-
+ else { // appimage
 char *arg[5];
 int index = 0;
- arg[index++] = cfg.shell;
+ arg[index++] = cfg.usershell;
 if (cfg.command_line) {
 if (arg_debug)
- printf("Running %s command through %s\n", cfg.command_line, cfg.shell);
+ printf("Running %s command through %s\n", cfg.command_line, cfg.usershell);
 arg[index++] = "-c";
 if (arg_doubledash)
 arg[index++] = "--";
@@ -578,11 +576,11 @@ void start_application(int no_sandbox, int fd, char *set_sandbox_status) {
 }
 else if (login_shell) {
 if (arg_debug)
- printf("Starting %s login shell\n", cfg.shell);
+ printf("Starting %s login shell\n", cfg.usershell);
 arg[index++] = "-l";
 }
 else if (arg_debug)
- printf("Starting %s shell\n", cfg.shell);
+ printf("Starting %s shell\n", cfg.usershell);
 assert(index < 5);
 arg[index] = NULL;
@@ -590,7 +588,7 @@ void start_application(int no_sandbox, int fd, char *set_sandbox_status) {
 if (arg_debug) {
 char *msg;
 if (asprintf(&msg, "sandbox %d, execvp into %s",
- sandbox_pid, cfg.command_line ? cfg.command_line : cfg.shell) == -1)
+ sandbox_pid, cfg.command_line ? cfg.command_line : cfg.usershell) == -1)
 errExit("asprintf");
 logmsg(msg);
 free(msg);
--
cgit v1.2.3-54-g00ecf
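Review bot: In start_application() (src/firejail/sandbox.c) the appimage branch now hard-wires `arg[index++] = cfg.usershell;` followed by `-c` and optionally `--`, so an appimage can only start if the invoking user's shell accepts those options, and with `--shell=` gone there is no override left. Accounts whose shell is a nologin-style binary or a shell with different option handling would fail here or interpret cfg.command_line differently from before. Consider a fixed interpreter for this branch, or at least state the requirement where the branch starts, e.g. `else { // appimage: runs cfg.command_line via the user's shell, which must support -c`. The function starts and ends outside these hunks, so how the earlier branches handle the shell-only case is not visible here.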