From 8b922b72ac0b508fcb50cf4d2ea3d8740e63604e Mon Sep 17 00:00:00 2001
From: netblue30
Date: Fri, 19 Feb 2016 16:16:50 -0500
Subject: euid switching
---
 src/firejail/caps.c | 2 +-
 src/firejail/cpu.c | 2 ++
 src/firejail/fs_etc.c | 1 +
 src/firejail/profile.c | 1 +
 src/firejail/util.c | 11 +++++++----
 5 files changed, 12 insertions(+), 5 deletions(-)
(limited to 'src')
diff --git a/src/firejail/caps.c b/src/firejail/caps.c
index 838934aee..d623c5fd3 100644
--- a/src/firejail/caps.c
+++ b/src/firejail/caps.c
@@ -193,7 +193,6 @@ static int caps_find_name(const char *name) { // return 1 if error, 0 if OK int caps_check_list(const char *clist, void (*callback)(int)) { - // don't allow empty lists if (clist == NULL || *clist == '\0') { fprintf(stderr, "Error: empty capabilities lists are not allowed\n");
@@ -400,6 +399,7 @@ static uint64_t extract_caps(int pid) {
 void caps_print_filter_name(const char *name) {
+ EUID_ASSERT();
 if (!name || strlen(name) == 0) {
 fprintf(stderr, "Error: invalid sandbox name\n");
 exit(1);
diff --git a/src/firejail/cpu.c b/src/firejail/cpu.c
index bfad1dc25..23906ae48 100644
--- a/src/firejail/cpu.c
+++ b/src/firejail/cpu.c
@@ -40,6 +40,8 @@ static void set_cpu(const char *str) {
 }
 void read_cpu_list(const char *str) {
+ EUID_ASSERT();
+
 char *tmp = strdup(str);
 if (tmp == NULL) errExit("strdup");
diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c
index c3a247331..5a8bf6904 100644
--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -57,6 +57,7 @@ static int check_dir_or_file(const char *name) {
 }
 void fs_check_etc_list(void) {
+ EUID_ASSERT();
 if (strstr(cfg.etc_private_keep, "..")) {
 fprintf(stderr, "Error: invalid private etc list\n");
 exit(1);
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 518fdf194..112454396 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
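Review bot: The EUID_ASSERT() added at the top of caps_print_filter_name (src/firejail/caps.c) is the only guard on the privilege state there, and if the macro is built on assert() (its definition is not in this diff) it compiles away under NDEBUG. In a setuid program a check that must hold is better written as an unconditional test that exits, e.g. `if (getuid() != 0 && geteuid() == 0) { fprintf(stderr, "Error: euid not switched\n"); exit(1); }`, where the condition is my reading of the commit subject and should be matched to the macro's real intent. The same concern covers the EUID_ASSERT() lines added in cpu.c, fs_etc.c, profile.c and util.c. The function body continues past the hunk.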
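Review bot: read_cpu_list (src/firejail/cpu.c) hands `str` straight to strdup() after the new EUID_ASSERT(), with no NULL check, whereas the hunks for profile_find, line_remove_spaces and invalid_filename pair the same assertion with `assert(name)`, `assert(buf)` or `assert(fname)`. Whether every caller guarantees a non-NULL string is not visible here. Adding `assert(str);` after the EUID_ASSERT() line would make the precondition explicit and consistent with those functions. The body continues outside the hunk.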
@@ -25,6 +25,7 @@
 // find and read the profile specified by name from dir directory
 int profile_find(const char *name, const char *dir) {
+ EUID_ASSERT();
 assert(name);
 assert(dir);
diff --git a/src/firejail/util.c b/src/firejail/util.c
index a74693c7a..3463095f9 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -258,6 +258,7 @@ int is_link(const char *fname) {
 // remove multiple spaces and return allocated memory
 char *line_remove_spaces(const char *buf) {
+ EUID_ASSERT();
 assert(buf);
 if (strlen(buf) == 0) return NULL;
@@ -307,6 +308,7 @@ char *line_remove_spaces(const char *buf) {
 char *split_comma(char *str) {
+ EUID_ASSERT();
 if (str == NULL || *str == '\0') return NULL;
 char *ptr = strchr(str, ',');
@@ -340,6 +342,7 @@ int not_unsigned(const char *str) {
 #define BUFLEN 4096 // find the first child for this parent; return 1 if error
 int find_child(pid_t parent, pid_t *child) {
+ EUID_ASSERT();
 *child = 0; // use it to flag a found child
 DIR *dir;
@@ -530,8 +533,7 @@ void notify_other(int fd) {
 // directory (supplied).
 // The return value is allocated using malloc and must be freed by the caller.
 // The function returns NULL if there are any errors.
-char *expand_home(const char *path, const char* homedir)
-{
+char *expand_home(const char *path, const char* homedir) {
 assert(path);
 assert(homedir);
@@ -554,8 +556,7 @@ char *expand_home(const char *path, const char* homedir)
 // Equivalent to the GNU version of basename, which is incompatible with
 // the POSIX basename. A few lines of code saves any portability pain.
 // https://www.gnu.org/software/libc/manual/html_node/Finding-Tokens-in-a-String.html#index-basename
-const char *gnu_basename(const char *path)
-{
+const char *gnu_basename(const char *path) {
 const char *last_slash = strrchr(path, '/');
 if (!last_slash) return path;
@@ -563,6 +564,7 @@ const char *gnu_basename(const char *path) {
 }
 uid_t pid_get_uid(pid_t pid) {
+ EUID_ASSERT();
 uid_t rv = 0; // open status file
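Review bot: The comment above profile_find (src/firejail/profile.c) does not record the precondition the new EUID_ASSERT() line introduces, so a caller reading only the comment cannot tell that the function now aborts when invoked in the wrong privilege state. Extend it to something like `// find and read the profile specified by name from dir directory; the caller must already have switched euid (enforced by EUID_ASSERT)`. The header comments of line_remove_spaces and find_child in util.c need the same addition, and split_comma, pid_get_uid and invalid_filename have no header comment in their hunks to carry it. Exactly what the macro tests is not shown in this diff, so the wording should follow its definition.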
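Review bot: pid_get_uid (src/firejail/util.c) starts from `uid_t rv = 0;`, so the value it would return when nothing is parsed equals root's uid, and after this change the /proc read that follows presumably runs with the switched euid. The rest of the body is outside the hunk, so I cannot see whether every failure path exits before returning; if one does not, a caller comparing the result against a uid would treat an unreadable process as root-owned. Worth confirming, and if needed starting from a sentinel such as `uid_t rv = (uid_t)-1;` with callers checking for it.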
@@ -606,6 +608,7 @@ uid_t pid_get_uid(pid_t pid) {
 }
 void invalid_filename(const char *fname) {
+ EUID_ASSERT();
 assert(fname);
 const char *ptr = fname;
--
cgit v1.2.3-54-g00ecf