Author: netblue30 <netblue30@yahoo.com>
Description: Followup fix for CVE-2017-5180
Bug: https://github.com/netblue30/firejail/issues/1020
Bug-Debian: https://bugs.debian.org/850160
Origin: upstream, https://github.com/netblue30/firejail/commit/d37421f8b1cc0f8c6f40523169f02447eaba9405
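diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index dafa591..2897ffe 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -463,6 +463,7 @@ void invalid_filename(const char *fname);
 uid_t get_group_id(const char *group);
 int remove_directory(const char *path);
 void flush_stdin(void);
+int set_perms(const char *fname, uid_t uid, gid_t gid, mode_t mode);
 
 // fs_var.c
 void fs_var_log(void); // mounting /var/log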
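Review bot: The new `set_perms` prototype carries no contract, and its definition in util.c only says "return 1 if error", so a caller reading the header cannot tell that it calls chmod() before chown() and that both calls follow symbolic links. Add a comment above the declaration: `// util.c: chmod() then chown() fname (both follow symlinks); returns 1 on the first failure, 0 on success`.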
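diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c
index 7c28870..91f77fb 100644
--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -108,6 +108,14 @@ static int store_xauthority(void) {
 
 char *src;
 char *dest = RUN_XAUTHORITY_FILE;
+ // create an empty file
+ FILE *fp = fopen(dest, "w");
+ if (fp) {
+ fprintf(fp, "\n");
+ SET_PERMS_STREAM(fp, getuid(), getgid(), 0600);
+ fclose(fp);
+ }
+
 if (asprintf(&src, "%s/.Xauthority", cfg.homedir) == -1)
 errExit("asprintf");
 
@@ -117,12 +125,25 @@ static int store_xauthority(void) {
 fprintf(stderr, "Warning: invalid .Xauthority file\n");
 return 0;
 }
-
- int rv = copy_file(src, dest, -1, -1, 0600);
- if (rv) {
- fprintf(stderr, "Warning: cannot transfer .Xauthority in private home directory\n");
- return 0;
+
+ pid_t child = fork();
+ if (child < 0)
+ errExit("fork");
+ if (child == 0) {
+ // drop privileges
+ drop_privs(0);
+
+ // copy, set permissions and ownership
+ int rv = copy_file(src, dest, getuid(), getgid(), 0600);
+ if (rv)
+ fprintf(stderr, "Warning: cannot transfer .Xauthority in private home directory\n");
+ else {
+ fs_logger2("clone", dest);
+ }
+ _exit(0);
 }
+ // wait for the child to finish
+ waitpid(child, NULL, 0);
 return 1; // file copied
 }
 
@@ -135,6 +156,14 @@ static int store_asoundrc(void) {
 
 char *src;
 char *dest = RUN_ASOUNDRC_FILE;
+ // create an empty file
+ FILE *fp = fopen(dest, "w");
+ if (fp) {
+ fprintf(fp, "\n");
+ SET_PERMS_STREAM(fp, getuid(), getgid(), 0644);
+ fclose(fp);
+ }
+
 if (asprintf(&src, "%s/.asoundrc", cfg.homedir) == -1)
 errExit("asprintf");
 
@@ -142,6 +171,7 @@ static int store_asoundrc(void) {
 if (stat(src, &s) == 0) {
 if (is_link(src)) {
 // make sure the real path of the file is inside the home directory
+ /* coverity[toctou] */
 char* rp = realpath(src, NULL);
 if (!rp) {
 fprintf(stderr, "Error: Cannot access %s\n", src);
@@ -154,11 +184,24 @@ static int store_asoundrc(void) {
 free(rp);
 }
 
- int rv = copy_file(src, dest, -1, -1, -0644);
- if (rv) {
- fprintf(stderr, "Warning: cannot transfer .asoundrc in private home directory\n");
- return 0;
+ pid_t child = fork();
+ if (child < 0)
+ errExit("fork");
+ if (child == 0) {
+ // drop privileges
+ drop_privs(0);
+
+ // copy, set permissions and ownership
+ int rv = copy_file(src, dest, getuid(), getgid(), 0644);
+ if (rv)
+ fprintf(stderr, "Warning: cannot transfer .asoundrc in private home directory\n");
+ else {
+ fs_logger2("clone", dest);
+ }
+ _exit(0);
 }
+ // wait for the child to finish
+ waitpid(child, NULL, 0);
 return 1; // file copied
 }
 
@@ -171,20 +214,31 @@ static void copy_xauthority(void) {
 char *dest;
 if (asprintf(&dest, "%s/.Xauthority", cfg.homedir) == -1)
 errExit("asprintf");
-
+
 // if destination is a symbolic link, exit the sandbox!!!
 if (is_link(dest)) {
 fprintf(stderr, "Error: %s is a symbolic link\n", dest);
 exit(1);
 }
-
- // copy, set permissions and ownership
- int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR);
- if (rv)
- fprintf(stderr, "Warning: cannot transfer .Xauthority in private home directory\n");
- else {
- fs_logger2("clone", dest);
+
+ pid_t child = fork();
+ if (child < 0)
+ errExit("fork");
+ if (child == 0) {
+ // drop privileges
+ drop_privs(0);
+
+ // copy, set permissions and ownership
+ int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR);
+ if (rv)
+ fprintf(stderr, "Warning: cannot transfer .Xauthority in private home directory\n");
+ else {
+ fs_logger2("clone", dest);
+ }
+ _exit(0);
 }
+ // wait for the child to finish
+ waitpid(child, NULL, 0);
 
 // delete the temporary file
 unlink(src);
@@ -196,25 +250,37 @@ static void copy_asoundrc(void) {
 char *dest;
 if (asprintf(&dest, "%s/.asoundrc", cfg.homedir) == -1)
 errExit("asprintf");
-
+
 // if destination is a symbolic link, exit the sandbox!!!
 if (is_link(dest)) {
 fprintf(stderr, "Error: %s is a symbolic link\n", dest);
 exit(1);
 }
-
- // copy, set permissions and ownership
- int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR);
- if (rv)
- fprintf(stderr, "Warning: cannot transfer .asoundrc in private home directory\n");
- else {
- fs_logger2("clone", dest);
+
+ pid_t child = fork();
+ if (child < 0)
+ errExit("fork");
+ if (child == 0) {
+ // drop privileges
+ drop_privs(0);
+
+ // copy, set permissions and ownership
+ int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR);
+ if (rv)
+ fprintf(stderr, "Warning: cannot transfer .asoundrc in private home directory\n");
+ else {
+ fs_logger2("clone", dest);
+ }
+ _exit(0);
 }
+ // wait for the child to finish
+ waitpid(child, NULL, 0);
 
 // delete the temporary file
 unlink(src);
 }
 
+
 // private mode (--private=homedir):
 // mount homedir on top of /home/user,
 // tmpfs on top of /root in nonroot mode,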
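Review bot: In the `@@ -117,12 +125,25 @@` hunk store_xauthority now returns 1 ("file copied") even when the copy fails, because the child always calls `_exit(0)` and the parent passes `NULL` to waitpid() and never inspects the status; before this patch a failing copy_file() returned 0, so the caller's "file copied" contract is silently broken. The `@@ -154,11 +184,24 @@` hunk has the same defect in store_asoundrc, and the copy_xauthority/copy_asoundrc hunks likewise discard the child's outcome, though those functions are void and only lose the warning. The child should exit with the copy result and the parent should check it, as below; waitpid()'s own return value is also unchecked, so an EINTR return currently passes as success. The hunks do not add `<sys/wait.h>` to fs_home.c as the pulseaudio.c hunk does, which is worth confirming if the file does not already include it. store_xauthority's body starts before this hunk.
```c
		// … unchanged: drop_privs(0) and the copy_file() call that sets rv …
		_exit(rv ? 1 : 0);
	}
	// wait for the child and propagate its result
	int status = 0;
	if (waitpid(child, &status, 0) == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
		return 0;
	return 1; // file copied
```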
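diff --git a/src/firejail/pulseaudio.c b/src/firejail/pulseaudio.c
index 5c003f2..d6cee40 100644
--- a/src/firejail/pulseaudio.c
+++ b/src/firejail/pulseaudio.c
@@ -1,4 +1,4 @@
-/*
+ /*
 * Copyright (C) 2014-2016 Firejail Authors
 *
 * This file is part of firejail project
@@ -22,6 +22,7 @@
 #include <sys/stat.h>
 #include <sys/mount.h>
 #include <dirent.h>
+#include <sys/wait.h>
 
 static void disable_file(const char *path, const char *file) {
 assert(file);
@@ -125,18 +126,28 @@ void pulseaudio_init(void) {
 SET_PERMS_STREAM(fp, getuid(), getgid(), 0644);
 fclose(fp);
 
+
 // create ~/.config/pulse directory if not present
 char *dir1;
 if (asprintf(&dir1, "%s/.config", cfg.homedir) == -1)
 errExit("asprintf");
 if (stat(dir1, &s) == -1) {
- int rv = mkdir(dir1, 0755);
- if (rv == 0) {
- rv = chown(dir1, getuid(), getgid());
- (void) rv;
- rv = chmod(dir1, 0755);
- (void) rv;
+ pid_t child = fork();
+ if (child < 0)
+ errExit("fork");
+ if (child == 0) {
+ // drop privileges
+ drop_privs(0);
+
+ int rv = mkdir(dir1, 0755);
+ if (rv == 0) {
+ if (set_perms(dir1, getuid(), getgid(), 0755))
+ {;} // do nothing
+ }
+ _exit(0);
 }
+ // wait for the child to finish
+ waitpid(child, NULL, 0);
 }
 else {
 // make sure the directory is owned by the user
@@ -146,17 +157,26 @@ void pulseaudio_init(void) {
 }
 }
 free(dir1);
-
+
 if (asprintf(&dir1, "%s/.config/pulse", cfg.homedir) == -1)
 errExit("asprintf");
 if (stat(dir1, &s) == -1) {
- int rv = mkdir(dir1, 0700);
- if (rv == 0) {
- rv = chown(dir1, getuid(), getgid());
- (void) rv;
- rv = chmod(dir1, 0700);
- (void) rv;
+ pid_t child = fork();
+ if (child < 0)
+ errExit("fork");
+ if (child == 0) {
+ // drop privileges
+ drop_privs(0);
+
+ int rv = mkdir(dir1, 0700);
+ if (rv == 0) {
+ if (set_perms(dir1, getuid(), getgid(), 0700))
+ {;} // do nothing
+ }
+ _exit(0);
 }
+ // wait for the child to finish
+ waitpid(child, NULL, 0);
 }
 else {
 // make sure the directory is owned by the user
@@ -167,7 +187,6 @@ void pulseaudio_init(void) {
 }
 free(dir1);
 
-
 // if we have ~/.config/pulse mount the new directory, else set environment variable
 char *homeusercfg;
 if (asprintf(&homeusercfg, "%s/.config/pulse", cfg.homedir) == -1)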
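Review bot: In the `@@ -125,18 +126,28 @@` hunk a failing mkdir() or set_perms() inside the unprivileged child is swallowed by `{;} // do nothing` and the unconditional `_exit(0)`, so the parent, which passes `NULL` to waitpid(), continues to mount or export a ~/.config/pulse directory that may not exist or may not have the intended 0755/0700 mode; the `@@ -146,17 +157,26 @@` hunk repeats this. If ignoring the result is deliberate, `(void) set_perms(dir1, getuid(), getgid(), 0755);` says so more clearly than an empty block; otherwise exit with the result, `_exit(rv == 0 && set_perms(dir1, getuid(), getgid(), 0755) == 0 ? 0 : 1);`, and have the parent read the status with WEXITSTATUS() before proceeding. The first hunk also turns `/*` into ` /*`, adding a stray leading space to the license header that looks accidental. pulseaudio_init's body starts and ends outside these hunks.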
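diff --git a/src/firejail/util.c b/src/firejail/util.c
index f38b02f..f86d6c3 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -689,4 +689,14 @@ void flush_stdin(void) {
 }
 }
 }
+// return 1 if error
+int set_perms(const char *fname, uid_t uid, gid_t gid, mode_t mode) {
+ assert(fname);
+ if (chmod(fname, mode) == -1)
+ return 1;
+ if (chown(fname, uid, gid) == -1)
+ return 1;
+ return 0;
+}
+
 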
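Review bot: `set_perms` applies chmod() before chown(), reversing the order used by the pulseaudio.c code this patch removes (chown() then chmod()); chown() on a regular file can clear the set-user-ID and set-group-ID bits, so when `mode` carries those bits the final mode is not the one requested, and a chown() failure leaves the file already re-moded. Swapping the two `if` blocks so ownership is set first keeps the mode authoritative, and the header comment should state the contract in full: `// chmod() then chown() fname; both calls follow symlinks, so only use this after drop_privs() or on a path the caller created. Returns 1 on the first failure (errno left from chmod/chown), 0 on success.`. The callers in this patch pass 0755 and 0700 without setuid/setgid bits, so the ordering is a latent rather than an immediate issue.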