[GH-ISSUE #712] Test for shell interpreter inside chroot is wrong #484

Closed
opened 2026-05-05 05:57:07 -06:00 by gitea-mirror · 3 comments

Originally created by @nuxwin on GitHub (Aug 14, 2016).
Original GitHub issue: https://github.com/netblue30/firejail/issues/712

The current test for the shell availability inside the chroot (fs.c) is wrong, leading to the following error:

```
Error: cannot find (null) in chroot directory
```

if the interpreter is not also present in the system fs.

Indeed, the test is made on the system fs (the chroot() system call is done later on) while it should be done inside the chroot. A shell available inside the chroot can be missing in the system fs (busybox ash case). There is also a pointer problem in the code (on error, (null) is shown instead of the cfg.shell value).

I'll do a PR soon.


@nuxwin commented on GitHub (Aug 14, 2016):

@netblue30

Note also that the check from the main.c file for the shell access should be done only if the `--chroot` option is not defined. Doing this test here when the `--chroot` option is used will result in:

```
Error: cannot access shell file
```

Even if the shell file is available in the chroot.


@nuxwin commented on GitHub (Aug 14, 2016):

@netblue30 I'll make a PR fixing issues reported here.


@nuxwin commented on GitHub (Aug 14, 2016):

@netblue30

See the referenced PR.

**Summary**

- If the `--chroot` option is used, the test for shell access is made inside the chroot fs (there is no need to check on the system fs since we are only interested in the chroot fs)
- If the `--chroot` option is not used, the test for shell access is made on the system fs
- The test made in fs.c becomes obsolete. However, I've fixed it just in case.
Reference: github-starred/firejail#484