mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-15 14:16:14 -06:00
fix --private-cwd problem
This commit is contained in:
netblue30
parent
f43d120251
commit
d2e10f8b72
2 changed files with 14 additions and 4 deletions
|
|
@ -456,15 +456,20 @@ void fs_check_private_dir(void) {
|
|||
void fs_check_private_cwd(const char *dir) {
|
||||
EUID_ASSERT();
|
||||
invalid_filename(dir, 0); // no globbing
|
||||
if (strcmp(dir, ".") == 0 || *dir != '/')
|
||||
goto errout;
|
||||
|
||||
// Expand the working directory
|
||||
cfg.cwd = expand_macros(dir);
|
||||
|
||||
// realpath/is_dir not used because path may not exist outside of jail
|
||||
if (strstr(cfg.cwd, "..")) {
|
||||
fprintf(stderr, "Error: invalid private working directory\n");
|
||||
exit(1);
|
||||
}
|
||||
if (strstr(cfg.cwd, ".."))
|
||||
goto errout;
|
||||
|
||||
return;
|
||||
errout:
|
||||
fprintf(stderr, "Error: invalid private working directory\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
//***********************************************************************************
|
||||
|
|
|
|||
|
|
@ -1058,6 +1058,11 @@ int sandbox(void* sandbox_arg) {
|
|||
EUID_USER();
|
||||
int cwd = 0;
|
||||
if (cfg.cwd) {
|
||||
if (is_link(cfg.cwd)) {
|
||||
fprintf(stderr, "Error: unable to enter private working directory: %s\n", cfg.cwd);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
if (chdir(cfg.cwd) == 0)
|
||||
cwd = 1;
|
||||
else if (arg_private_cwd) {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue