mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-15 06:06:02 -06:00
removed restricted shell
parent
020ae3787b
commit
58ff81712b
4 changed files with 7 additions and 136 deletions
|
|
@ -6,7 +6,6 @@ gcov_init() {
|
|||
firemon --help > /dev/null
|
||||
/usr/lib/firejail/fnet --help > /dev/null
|
||||
/usr/lib/firejail/fseccomp --help > /dev/null
|
||||
/usr/lib/firejail/ftee --help > /dev/null
|
||||
firecfg --help > /dev/null
|
||||
|
||||
/usr/lib/firejail/fnetfilter --help > /dev/null
|
||||
|
|
@ -20,5 +19,5 @@ rm -fr gcov-dir
|
|||
gcov_init
|
||||
lcov -q --capture -d src/firejail -d src/firemon \
|
||||
-d src/fnetfilter -d src/fsec-print -d src/fsec-optimize -d src/fseccomp \
|
||||
-d src/fnet -d src/ftee -d src/lib -d src/firecfg --output-file gcov-file
|
||||
-d src/fnet -d src/lib -d src/firecfg --output-file gcov-file
|
||||
genhtml -q gcov-file --output-directory gcov-dir
|
||||
|
|
|
|||
|
|
@ -968,6 +968,7 @@ int main(int argc, char **argv) {
|
|||
delete_run_files(sandbox_pid);
|
||||
EUID_USER();
|
||||
|
||||
#ifndef LTS
|
||||
//check if the parent is sshd daemon
|
||||
int parent_sshd = 0;
|
||||
{
|
||||
|
|
@ -1066,12 +1067,11 @@ int main(int argc, char **argv) {
|
|||
#endif
|
||||
}
|
||||
}
|
||||
#ifndef LTS
|
||||
else {
|
||||
// check --output option and execute it;
|
||||
check_output(argc, argv); // the function will not return if --output or --output-stderr option was found
|
||||
}
|
||||
#endif
|
||||
#endif // LTS
|
||||
EUID_ASSERT();
|
||||
|
||||
|
||||
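Review bot: The `#ifndef LTS` added above `//check if the parent is sshd daemon` opens a guarded region that only closes at `#endif // LTS` just before `EUID_ASSERT();`, and nothing at the opening says what an LTS build loses. Judging from the two hunks alone (main's body starts and ends outside them, and the lines between the hunks are not shown), the region covers the `parent_sshd` detection and the `check_output(argc, argv)` branch. I would add a comment at the opening guard, for example `// LTS: no sshd-parent detection, no login.users handling, no --output processing`, and confirm that nothing after `#endif // LTS` still reads `parent_sshd`, which is now declared only inside the guard. Because this commit also deletes the only visible reader of `SYSCONFDIR/login.users`, an administrator who relied on that file to force sandbox options for sshd or login sessions would find it no longer consulted. That deserves an explicit note in the release notes or man page, and the behaviour of an LTS binary started under sshd should be verified rather than assumed.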
|
|
|
|||
|
|
@ -1,132 +0,0 @@
|
|||
/*
|
||||
* Copyright (C) 2014-2018 Firejail Authors
|
||||
*
|
||||
* This file is part of firejail project
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along
|
||||
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
#include "firejail.h"
|
||||
#include <fnmatch.h>
|
||||
|
||||
#define MAX_READ 4096 // maximum line length
|
||||
char *restricted_user = NULL;
|
||||
|
||||
|
||||
int restricted_shell(const char *user) {
|
||||
EUID_ASSERT();
|
||||
assert(user);
|
||||
|
||||
// open profile file:
|
||||
char *fname;
|
||||
if (asprintf(&fname, "%s/login.users", SYSCONFDIR) == -1)
|
||||
errExit("asprintf");
|
||||
FILE *fp = fopen(fname, "r");
|
||||
free(fname);
|
||||
if (fp == NULL)
|
||||
return 0;
|
||||
|
||||
int lineno = 0;
|
||||
char buf[MAX_READ];
|
||||
while (fgets(buf, MAX_READ, fp)) {
|
||||
lineno++;
|
||||
|
||||
// remove empty spaces at the beginning of the line
|
||||
char *ptr = buf;
|
||||
while (*ptr == ' ' || *ptr == '\t') {
|
||||
ptr++;
|
||||
}
|
||||
if (*ptr == '\n' || *ptr == '#')
|
||||
continue;
|
||||
|
||||
//
|
||||
// parse line
|
||||
//
|
||||
|
||||
// extract users
|
||||
char *usr = ptr;
|
||||
char *args = strchr(usr, ':');
|
||||
if (args == NULL) {
|
||||
fprintf(stderr, "Error: users.conf line %d\n", lineno);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
*args = '\0';
|
||||
args++;
|
||||
ptr = strchr(args, '\n');
|
||||
if (ptr)
|
||||
*ptr = '\0';
|
||||
|
||||
// extract firejail command line arguments
|
||||
char *ptr2 = args;
|
||||
int found = 0;
|
||||
while (*ptr2 != '\0') {
|
||||
if (*ptr2 != ' ' && *ptr2 != '\t') {
|
||||
found = 1;
|
||||
break;
|
||||
}
|
||||
ptr2++;
|
||||
}
|
||||
// if nothing follows, continue
|
||||
if (!found)
|
||||
continue;
|
||||
|
||||
// user name globbing
|
||||
if (fnmatch(usr, user, 0) == 0) {
|
||||
// process program arguments
|
||||
|
||||
fullargv[0] = "firejail";
|
||||
int i;
|
||||
ptr = args;
|
||||
for (i = 1; i < MAX_ARGS; i++) {
|
||||
// skip blanks
|
||||
while (*ptr == ' ' || *ptr == '\t')
|
||||
ptr++;
|
||||
fullargv[i] = ptr;
|
||||
#ifdef DEBUG_RESTRICTED_SHELL
|
||||
{EUID_ROOT();
|
||||
FILE *fp = fopen("/firelog", "a");
|
||||
if (fp) {
|
||||
fprintf(fp, "i %d ptr #%s#\n", i, fullargv[i]);
|
||||
fclose(fp);
|
||||
}
|
||||
EUID_USER();}
|
||||
#endif
|
||||
|
||||
if (*ptr != '\0') {
|
||||
// go to the end of the word
|
||||
while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0')
|
||||
ptr++;
|
||||
*ptr ='\0';
|
||||
fullargv[i] = strdup(fullargv[i]);
|
||||
if (fullargv[i] == NULL)
|
||||
errExit("strdup");
|
||||
ptr++;
|
||||
while (*ptr == ' ' || *ptr == '\t')
|
||||
ptr++;
|
||||
if (*ptr != '\0')
|
||||
continue;
|
||||
}
|
||||
fullargv[i] = strdup(fullargv[i]);
|
||||
fclose(fp);
|
||||
return i + 1;
|
||||
}
|
||||
fprintf(stderr, "Error: too many program arguments in users.conf line %d\n", lineno);
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
fclose(fp);
|
||||
|
||||
return 0;
|
||||
}
|
||||
4
status
4
status
|
|
@ -1,3 +1,7 @@
|
|||
main:14864, LTS 10890
|
||||
removed restricted-shell
|
||||
|
||||
|
||||
Aug 26 - merge mainline
|
||||
|
||||
Phase 2
|
||||
|
|
|
|||