From 58ff81712b3d7c02a423082d9760b14b7da097eb Mon Sep 17 00:00:00 2001
From: netblue30
Date: Mon, 27 Aug 2018 08:09:21 -0400
Subject: [PATCH] removed restricted shell
---
 linecnt.sh | 3 +-
 src/firejail/main.c | 4 +-
 src/firejail/restricted_shell.c | 132 --------------------------------
 status | 4 +
 4 files changed, 7 insertions(+), 136 deletions(-)
 delete mode 100644 src/firejail/restricted_shell.c
diff --git a/linecnt.sh b/linecnt.sh
index 4048077e8..c0ba0df05 100755
--- a/linecnt.sh
+++ b/linecnt.sh
@@ -6,7 +6,6 @@ gcov_init() {
 firemon --help > /dev/null
 /usr/lib/firejail/fnet --help > /dev/null
 /usr/lib/firejail/fseccomp --help > /dev/null
- /usr/lib/firejail/ftee --help > /dev/null
 firecfg --help > /dev/null
 /usr/lib/firejail/fnetfilter --help > /dev/null
@@ -20,5 +19,5 @@ rm -fr gcov-dir
 gcov_init
 lcov -q --capture -d src/firejail -d src/firemon \
 -d src/fnetfilter -d src/fsec-print -d src/fsec-optimize -d src/fseccomp \
- -d src/fnet -d src/ftee -d src/lib -d src/firecfg --output-file gcov-file
+ -d src/fnet -d src/lib -d src/firecfg --output-file gcov-file
 genhtml -q gcov-file --output-directory gcov-dir
diff --git a/src/firejail/main.c b/src/firejail/main.c
index b3664ee2e..706ec5be4 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -968,6 +968,7 @@ int main(int argc, char **argv) {
 delete_run_files(sandbox_pid);
 EUID_USER();
+#ifndef LTS
 //check if the parent is sshd daemon
 int parent_sshd = 0;
 {
@@ -1066,12 +1067,11 @@ int main(int argc, char **argv) {
 #endif
 }
 }
-#ifndef LTS
 else {
 // check --output option and execute it;
 check_output(argc, argv); // the function will not return if --output or --output-stderr option was found
 }
-#endif
+#endif // LTS
 EUID_ASSERT();
diff --git a/src/firejail/restricted_shell.c b/src/firejail/restricted_shell.c
deleted file mode 100644
index 9beb01655..000000000
--- a/src/firejail/restricted_shell.c
+++ /dev/null
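Review bot: The `#ifndef LTS` opened above `//check if the parent is sshd daemon` drops the login-shell path without leaving any trace for the administrator: with restricted_shell.c deleted in this same commit, `SYSCONFDIR/login.users` is no longer parsed, so per-user sandbox arguments configured there would stop being applied after an upgrade. What an LTS build does instead for a login shell or an sshd-spawned session is decided in the lines between the two main.c hunks, which are not shown, so that should be confirmed rather than assumed. I would put the reason on the guard itself, `#ifndef LTS // sshd / login-shell handling and login.users are not supported in LTS`, and record the removal in the man page and release notes so existing login.users deployments are reviewed before upgrading.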
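Review bot: `#endif // LTS` closes a region that is only conditionally compiled out, while restricted_shell.c, with `restricted_shell()` and the `restricted_user` definition, is deleted unconditionally; if the guarded lines (not visible here) still call `restricted_shell()`, a build without LTS defined would presumably fail at link time. firejail.h is not among the four files in the diffstat, so any prototype or `extern` for these names there would be left dangling. Deleting the guarded block from main.c together with the file would keep the tree coherent; if the guard is kept on purpose, a comment at its opening should say that the non-LTS branch is no longer buildable. The leading context also shows an inner `#endif` whose opening line is outside the hunk, and a trailing comment naming its condition, as done for `#endif // LTS`, would keep the nesting readable.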
@@ -1,132 +0,0 @@
-/*
- * Copyright (C) 2014-2018 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#include "firejail.h"
-#include
-
-#define MAX_READ 4096 // maximum line length
-char *restricted_user = NULL;
-
-
-int restricted_shell(const char *user) {
- EUID_ASSERT();
- assert(user);
-
- // open profile file:
- char *fname;
- if (asprintf(&fname, "%s/login.users", SYSCONFDIR) == -1)
- errExit("asprintf");
- FILE *fp = fopen(fname, "r");
- free(fname);
- if (fp == NULL)
- return 0;
-
- int lineno = 0;
- char buf[MAX_READ];
- while (fgets(buf, MAX_READ, fp)) {
- lineno++;
-
- // remove empty spaces at the beginning of the line
- char *ptr = buf;
- while (*ptr == ' ' || *ptr == '\t') {
- ptr++;
- }
- if (*ptr == '\n' || *ptr == '#')
- continue;
-
- //
- // parse line
- //
-
- // extract users
- char *usr = ptr;
- char *args = strchr(usr, ':');
- if (args == NULL) {
- fprintf(stderr, "Error: users.conf line %d\n", lineno);
- exit(1);
- }
-
- *args = '\0';
- args++;
- ptr = strchr(args, '\n');
- if (ptr)
- *ptr = '\0';
-
- // extract firejail command line arguments
- char *ptr2 = args;
- int found = 0;
- while (*ptr2 != '\0') {
- if (*ptr2 != ' ' && *ptr2 != '\t') {
- found = 1;
- break;
- }
- ptr2++;
- }
- // if nothing follows, continue
- if (!found)
- continue;
-
- // user name globbing
- if (fnmatch(usr, user, 0) == 0) {
- // process program arguments
-
- fullargv[0] = "firejail";
- int i;
- ptr = args;
- for (i = 1; i < MAX_ARGS; i++) {
- // skip blanks
- while (*ptr == ' ' || *ptr == '\t')
- ptr++;
- fullargv[i] = ptr;
-#ifdef DEBUG_RESTRICTED_SHELL
- {EUID_ROOT();
- FILE *fp = fopen("/firelog", "a");
- if (fp) {
- fprintf(fp, "i %d ptr #%s#\n", i, fullargv[i]);
- fclose(fp);
- }
- EUID_USER();}
-#endif
-
- if (*ptr != '\0') {
- // go to the end of the word
- while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0')
- ptr++;
- *ptr ='\0';
- fullargv[i] = strdup(fullargv[i]);
- if (fullargv[i] == NULL)
- errExit("strdup");
- ptr++;
- while (*ptr == ' ' || *ptr == '\t')
- ptr++;
- if (*ptr != '\0')
- continue;
- }
- fullargv[i] = strdup(fullargv[i]);
- fclose(fp);
- return i + 1;
- }
- fprintf(stderr, "Error: too many program arguments in users.conf line %d\n", lineno);
- exit(1);
- }
- }
- fclose(fp);
-
- return 0;
-}
diff --git a/status b/status
index 505a900bb..912ccf30c 100644
--- a/status
+++ b/status
@@ -1,3 +1,7 @@
+main:14864, LTS 10890
+removed restricted-shell
+
+
 Aug 26 - merge mainline Phase 2