From 62edc4b5d4bfdb81690a4a955763285760657079 Mon Sep 17 00:00:00 2001 From: Laurent Declercq Date: Sun, 14 Aug 2016 19:41:44 +0200 Subject: Fixed #712 --- src/firejail/fs.c | 17 ++++++++++------- src/firejail/main.c | 12 +++++++++++- 2 files changed, 21 insertions(+), 8 deletions(-) (limited to 'src') diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 5fe31cec8..98b661028 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c @@ -1110,13 +1110,16 @@ int fs_check_chroot_dir(const char *rootdir) { } free(name); - // check shell - if (!arg_shell_none) { - if (stat(cfg.shell, &s) == -1) { - fprintf(stderr, "Error: cannot find %s in chroot directory\n", cfg.shell); - return 1; - } - } + // check shell (test not needed. We already test access in main.c) + //if (!arg_shell_none) { + // if (asprintf(&name, "%s%s", rootdir, (char *)&cfg.shell) == -1) + // errExit("asprintf"); + // if (stat(name, &s) == -1) { + // fprintf(stderr, "Error: cannot find %s in chroot directory\n", name); + // return 1; + // } + // free(name); + //} // check x11 socket directory if (getenv("FIREJAIL_X11")) { diff --git a/src/firejail/main.c b/src/firejail/main.c index c8cc3f460..13270314b 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c @@ -1929,9 +1929,19 @@ int main(int argc, char **argv) { fprintf(stderr, "Error: invalid shell\n"); exit(1); } - + // access call checks as real UID/GID, not as effective UID/GID if (access(cfg.shell, R_OK)) { + if(cfg.chrootdir) { + char *shellpath; + if (asprintf(&shellpath, "%s%s", cfg.chrootdir, cfg.shell) == -1) + errExit("asprintf"); + if (access(shellpath, R_OK)) { + fprintf(stderr, "Error: cannot access shell file in chroot\n"); + exit(1); + } + free(shellpath); + } else if (access(cfg.shell, R_OK)) { fprintf(stderr, "Error: cannot access shell file\n"); exit(1); } -- cgit v1.2.3-54-g00ecf From c844234739feb7aae98bd27efba8af83c729528b Mon Sep 17 00:00:00 2001 From: Laurent Declercq Date: Sun, 14 Aug 2016 19:46:19 +0200 Subject: Small fix --- src/firejail/main.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'src') diff --git a/src/firejail/main.c b/src/firejail/main.c index 13270314b..6b5f97779 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c @@ -1931,8 +1931,7 @@ int main(int argc, char **argv) { } // access call checks as real UID/GID, not as effective UID/GID - if (access(cfg.shell, R_OK)) { - if(cfg.chrootdir) { + if(cfg.chrootdir) { char *shellpath; if (asprintf(&shellpath, "%s%s", cfg.chrootdir, cfg.shell) == -1) errExit("asprintf"); -- cgit v1.2.3-54-g00ecf From 1a1f0f253c11caaaac7411611b070f091f8353cc Mon Sep 17 00:00:00 2001 From: Laurent Declercq Date: Sun, 14 Aug 2016 20:01:06 +0200 Subject: CS fixes --- src/firejail/main.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'src') diff --git a/src/firejail/main.c b/src/firejail/main.c index 6b5f97779..75ad69ce4 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c @@ -1932,14 +1932,14 @@ int main(int argc, char **argv) { // access call checks as real UID/GID, not as effective UID/GID if(cfg.chrootdir) { - char *shellpath; - if (asprintf(&shellpath, "%s%s", cfg.chrootdir, cfg.shell) == -1) - errExit("asprintf"); - if (access(shellpath, R_OK)) { - fprintf(stderr, "Error: cannot access shell file in chroot\n"); - exit(1); - } - free(shellpath); + char *shellpath; + if (asprintf(&shellpath, "%s%s", cfg.chrootdir, cfg.shell) == -1) + errExit("asprintf"); + if (access(shellpath, R_OK)) { + fprintf(stderr, "Error: cannot access shell file in chroot\n"); + exit(1); + } + free(shellpath); } else if (access(cfg.shell, R_OK)) { fprintf(stderr, "Error: cannot access shell file\n"); exit(1); -- cgit v1.2.3-54-g00ecf