Accepting request 448835 from home:tiwai:branches:Virtualization

- Update to version 0.9.44.2:
  Security fixes:
  * overwrite /etc/resolv.conf found by Martin Carpenter
  * TOCTOU exploit for --get and --put found by Daniel Hodson
  * invalid environment exploit found by Martin Carpenter
  * several security enhancements
  Bugfixes:
  * crashing VLC by pressing Ctrl-O
  * use user configured icons in KDE
  * mkdir and mkfile are not applied to private directories
  * cannot open files on Deluge running under KDE
  * --private=dir where dir is the user home directory
  * cannot start Vivaldi browser
  * cannot start mupdf
  * ssh profile problems
  * --quiet
  * quiet in git profile
  * memory corruption
- Fix VUL-0: local root exploit (CVE-2017-5180,bsc#1018259):
  firejail-CVE-2017-5180-fix1.patch
  firejail-CVE-2017-5180-fix2.patch

OBS-URL: https://build.opensuse.org/request/show/448835
OBS-URL: https://build.opensuse.org/package/show/Virtualization/firejail?expand=0&rev=5
Ismail Dönmez 2017-01-07 09:27:56 +00:00 committed by Git OBS Bridge
parent c5bd94cd19
commit 7a7ff5e7fe
6 changed files with 373 additions and 4 deletions

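--- a/firejail-0.9.44.2.tar.xz
+++ b/firejail-0.9.44.2.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c5adef1943daa33049c4c39e5a19a0d02b897f1b1581be094ec600490dde8851
+size 213092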


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2cd8ba061a546b593e52748ebbcd8dbdac55973aaeff21250ada43fe3405992c
size 212532


@ -0,0 +1,72 @@
From 60d4b478f65c60bcc825bb56f85fd6c4fd48b250 Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Wed, 4 Jan 2017 11:59:46 -0500
Subject: [PATCH] security fix
---
src/firejail/fs_home.c | 14 ++++++++++++++
src/firejail/pulseaudio.c | 15 +++++++++++++++
2 files changed, 29 insertions(+)
--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -171,6 +171,13 @@ static void copy_xauthority(void) {
char *dest;
if (asprintf(&dest, "%s/.Xauthority", cfg.homedir) == -1)
errExit("asprintf");
+
+ // if destination is a symbolic link, exit the sandbox!!!
+ if (is_link(dest)) {
+ fprintf(stderr, "Error: %s is a symbolic link\n", dest);
+ exit(1);
+ }
+
// copy, set permissions and ownership
int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR);
if (rv)
@@ -189,6 +196,13 @@ static void copy_asoundrc(void) {
char *dest;
if (asprintf(&dest, "%s/.asoundrc", cfg.homedir) == -1)
errExit("asprintf");
+
+ // if destination is a symbolic link, exit the sandbox!!!
+ if (is_link(dest)) {
+ fprintf(stderr, "Error: %s is a symbolic link\n", dest);
+ exit(1);
+ }
+
// copy, set permissions and ownership
int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR);
if (rv)
--- a/src/firejail/pulseaudio.c
+++ b/src/firejail/pulseaudio.c
@@ -138,7 +138,15 @@ void pulseaudio_init(void) {
(void) rv;
}
}
+ else {
+ // make sure the directory is owned by the user
+ if (s.st_uid != getuid()) {
+ fprintf(stderr, "Error: user .config directory is not owned by the current user\n");
+ exit(1);
+ }
+ }
free(dir1);
+
if (asprintf(&dir1, "%s/.config/pulse", cfg.homedir) == -1)
errExit("asprintf");
if (stat(dir1, &s) == -1) {
@@ -150,6 +158,13 @@ void pulseaudio_init(void) {
(void) rv;
}
}
+ else {
+ // make sure the directory is owned by the user
+ if (s.st_uid != getuid()) {
+ fprintf(stderr, "Error: user .config/pulse directory is not owned by the current user\n");
+ exit(1);
+ }
+ }
free(dir1);
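Review bot: The is_link(dest) check added in copy_xauthority and copy_asoundrc is a check-then-use: dest is tested, and then copy_file opens it with O_CREAT|O_WRONLY|O_TRUNC (visible in the util.c hunk of the second patch) while the process apparently still holds its privileges, so a link placed between the two calls is not caught by this check on its own; the second patch in this commit moves the copy into a forked child after drop_privs(0), which is what actually closes that window. It is worth saying so at the check so it is not later read as sufficient, e.g. `// early diagnostic only: the copy itself runs with dropped privileges, which is the real protection against a symlink race`. The ownership checks added to pulseaudio_init compare against a stat() result, which follows links; that is acceptable as far as the hunk shows, since a link to a directory not owned by the user fails the same test. All three enclosing functions start outside the hunks.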


@ -0,0 +1,268 @@
From e74fdab5d2125ce8f058c1630ce7cce19cbdac16 Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Wed, 4 Jan 2017 18:13:45 -0500
Subject: [PATCH] security fixes
---
src/firejail/fs_home.c | 118 +++++++++++++++++++++++++++++++++++++---------
src/firejail/pulseaudio.c | 47 +++++++++++++-----
src/firejail/util.c | 4 -
3 files changed, 134 insertions(+), 35 deletions(-)
--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -108,6 +108,14 @@ static int store_xauthority(void) {
char *src;
char *dest = RUN_XAUTHORITY_FILE;
+ // create an empty file
+ FILE *fp = fopen(dest, "w");
+ if (fp) {
+ fprintf(fp, "\n");
+ SET_PERMS_STREAM(fp, getuid(), getgid(), 0600);
+ fclose(fp);
+ }
+
if (asprintf(&src, "%s/.Xauthority", cfg.homedir) == -1)
errExit("asprintf");
@@ -117,12 +125,28 @@ static int store_xauthority(void) {
fprintf(stderr, "Warning: invalid .Xauthority file\n");
return 0;
}
-
- int rv = copy_file(src, dest, -1, -1, 0600);
- if (rv) {
- fprintf(stderr, "Warning: cannot transfer .Xauthority in private home directory\n");
- return 0;
+
+ pid_t child = fork();
+ if (child < 0)
+ errExit("fork");
+ if (child == 0) {
+ // drop privileges
+ drop_privs(0);
+
+ // copy, set permissions and ownership
+ int rv = copy_file(src, dest, getuid(), getgid(), 0600);
+ if (rv)
+ fprintf(stderr, "Warning: cannot transfer .Xauthority in private home directory\n");
+ else {
+ fs_logger2("clone", dest);
+ }
+#ifdef HAVE_GCOV
+ __gcov_flush();
+#endif
+ _exit(0);
}
+ // wait for the child to finish
+ waitpid(child, NULL, 0);
return 1; // file copied
}
@@ -135,6 +159,14 @@ static int store_asoundrc(void) {
char *src;
char *dest = RUN_ASOUNDRC_FILE;
+ // create an empty file
+ FILE *fp = fopen(dest, "w");
+ if (fp) {
+ fprintf(fp, "\n");
+ SET_PERMS_STREAM(fp, getuid(), getgid(), 0644);
+ fclose(fp);
+ }
+
if (asprintf(&src, "%s/.asoundrc", cfg.homedir) == -1)
errExit("asprintf");
@@ -154,11 +186,27 @@ static int store_asoundrc(void) {
free(rp);
}
- int rv = copy_file(src, dest, -1, -1, -0644);
- if (rv) {
- fprintf(stderr, "Warning: cannot transfer .asoundrc in private home directory\n");
- return 0;
+ pid_t child = fork();
+ if (child < 0)
+ errExit("fork");
+ if (child == 0) {
+ // drop privileges
+ drop_privs(0);
+
+ // copy, set permissions and ownership
+ int rv = copy_file(src, dest, getuid(), getgid(), 0644);
+ if (rv)
+ fprintf(stderr, "Warning: cannot transfer .asoundrc in private home directory\n");
+ else {
+ fs_logger2("clone", dest);
+ }
+#ifdef HAVE_GCOV
+ __gcov_flush();
+#endif
+ _exit(0);
}
+ // wait for the child to finish
+ waitpid(child, NULL, 0);
return 1; // file copied
}
@@ -178,13 +226,27 @@ static void copy_xauthority(void) {
exit(1);
}
- // copy, set permissions and ownership
- int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR);
- if (rv)
- fprintf(stderr, "Warning: cannot transfer .Xauthority in private home directory\n");
- else {
- fs_logger2("clone", dest);
+ pid_t child = fork();
+ if (child < 0)
+ errExit("fork");
+ if (child == 0) {
+ // drop privileges
+ drop_privs(0);
+
+ // copy, set permissions and ownership
+ int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR);
+ if (rv)
+ fprintf(stderr, "Warning: cannot transfer .Xauthority in private home directory\n");
+ else {
+ fs_logger2("clone", dest);
+ }
+#ifdef HAVE_GCOV
+ __gcov_flush();
+#endif
+ _exit(0);
}
+ // wait for the child to finish
+ waitpid(child, NULL, 0);
// delete the temporary file
unlink(src);
@@ -203,13 +265,27 @@ static void copy_asoundrc(void) {
exit(1);
}
- // copy, set permissions and ownership
- int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR);
- if (rv)
- fprintf(stderr, "Warning: cannot transfer .asoundrc in private home directory\n");
- else {
- fs_logger2("clone", dest);
+ pid_t child = fork();
+ if (child < 0)
+ errExit("fork");
+ if (child == 0) {
+ // drop privileges
+ drop_privs(0);
+
+ // copy, set permissions and ownership
+ int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR);
+ if (rv)
+ fprintf(stderr, "Warning: cannot transfer .asoundrc in private home directory\n");
+ else {
+ fs_logger2("clone", dest);
+ }
+#ifdef HAVE_GCOV
+ __gcov_flush();
+#endif
+ _exit(0);
}
+ // wait for the child to finish
+ waitpid(child, NULL, 0);
// delete the temporary file
unlink(src);
--- a/src/firejail/pulseaudio.c
+++ b/src/firejail/pulseaudio.c
@@ -21,6 +21,7 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/mount.h>
+#include <sys/wait.h>
#include <dirent.h>
static void disable_file(const char *path, const char *file) {
@@ -130,13 +131,24 @@ void pulseaudio_init(void) {
if (asprintf(&dir1, "%s/.config", cfg.homedir) == -1)
errExit("asprintf");
if (stat(dir1, &s) == -1) {
- int rv = mkdir(dir1, 0755);
- if (rv == 0) {
- rv = chown(dir1, getuid(), getgid());
- (void) rv;
- rv = chmod(dir1, 0755);
- (void) rv;
+ pid_t child = fork();
+ if (child < 0)
+ errExit("fork");
+ if (child == 0) {
+ // drop privileges
+ drop_privs(0);
+
+ int rv = mkdir(dir1, 0755);
+ if (rv == 0) {
+ rv = chown(dir1, getuid(), getgid());
+ (void) rv;
+ rv = chmod(dir1, 0755);
+ (void) rv;
+ }
+ _exit(0);
}
+ // wait for the child to finish
+ waitpid(child, NULL, 0);
}
else {
// make sure the directory is owned by the user
@@ -150,13 +162,24 @@ void pulseaudio_init(void) {
if (asprintf(&dir1, "%s/.config/pulse", cfg.homedir) == -1)
errExit("asprintf");
if (stat(dir1, &s) == -1) {
- int rv = mkdir(dir1, 0700);
- if (rv == 0) {
- rv = chown(dir1, getuid(), getgid());
- (void) rv;
- rv = chmod(dir1, 0700);
- (void) rv;
+ pid_t child = fork();
+ if (child < 0)
+ errExit("fork");
+ if (child == 0) {
+ // drop privileges
+ drop_privs(0);
+
+ int rv = mkdir(dir1, 0700);
+ if (rv == 0) {
+ rv = chown(dir1, getuid(), getgid());
+ (void) rv;
+ rv = chmod(dir1, 0700);
+ (void) rv;
+ }
+ _exit(0);
}
+ // wait for the child to finish
+ waitpid(child, NULL, 0);
}
else {
// make sure the directory is owned by the user
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -179,14 +179,14 @@ int copy_file(const char *srcname, const
// open source
int src = open(srcname, O_RDONLY);
if (src < 0) {
- fprintf(stderr, "Warning: cannot open %s, file not copied\n", srcname);
+ fprintf(stderr, "Warning: cannot open source file %s, file not copied\n", srcname);
return -1;
}
// open destination
int dst = open(destname, O_CREAT|O_WRONLY|O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
if (dst < 0) {
- fprintf(stderr, "Warning: cannot open %s, file not copied\n", destname);
+ fprintf(stderr, "Warning: cannot open destination file %s, file not copied\n", destname);
close(src);
return -1;
}
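Review bot: In store_xauthority and store_asoundrc the outcome of copy_file no longer reaches the caller: the child prints the warning but always calls `_exit(0)`, and the parent passes NULL to waitpid and falls through to `return 1; // file copied`, whereas the removed lines returned 0 on failure. Propagate the child's result through its exit status and check it in the parent, as below, in both functions; copy_xauthority and copy_asoundrc use the same fork/waitpid shape, and although they return void, an unchecked waitpid that fails (for example with EINTR) would let the parent reach unlink(src) while the child may still be copying. The include list of fs_home.c is not in the hunk; waitpid and the WIFEXITED/WEXITSTATUS macros need <sys/wait.h>, which this patch adds to pulseaudio.c but not visibly to fs_home.c. All four enclosing functions start outside the hunks.
```c
	if (child == 0) {
		// … unchanged: drop_privs, copy_file into rv, warning/log, gcov flush …
		_exit(rv ? 1 : 0); // report the copy result to the parent
	}
	// wait for the child and relay its result to the caller
	int status = 0;
	if (waitpid(child, &status, 0) == -1)
		errExit("waitpid");
	if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
		return 0; // copy failed in the child
	return 1; // file copied
```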


@ -1,3 +1,28 @@
-------------------------------------------------------------------
Thu Jan 5 10:38:43 CET 2017 - tiwai@suse.de
- Update to version 0.9.44.2:
Security fixes:
* overwrite /etc/resolv.conf found by Martin Carpenter
* TOCTOU exploit for get and put found by Daniel Hodson
* invalid environment exploit found by Martin Carpenter
* several security enhancements
Bugfixes:
* crashing VLC by pressing Ctrl-O
* use user configured icons in KDE
* mkdir and mkfile are not applied to private directories
* cannot open files on Deluge running under KDE
* private=dir where dir is the user home directory
* cannot start Vivaldi browser
* cannot start mupdf
* ssh profile problems
* quiet
* quiet in git profile
* memory corruption
- Fix VUL-0: local root exploit (CVE-2017-5180,bsc#1018259):
firejail-CVE-2017-5180-fix1.patch
firejail-CVE-2017-5180-fix2.patch
-------------------------------------------------------------------
Thu Oct 27 17:49:48 CEST 2016 - tiwai@suse.de


@ -17,7 +17,7 @@
Name: firejail
Version: 0.9.44
Version: 0.9.44.2
Release: 0
Summary: Linux namepaces sandbox program
License: GPL-2.0
@ -25,6 +25,8 @@ Group: Productivity/Security
Url: https://firejail.wordpress.com/
Source0: %{name}-%{version}.tar.xz
Source1: %{name}.rpmlintrc
Patch1: firejail-CVE-2017-5180-fix1.patch
Patch2: firejail-CVE-2017-5180-fix2.patch
BuildRequires: libapparmor-devel
BuildRequires: gcc-c++
Requires(pre): permissions
@ -40,6 +42,8 @@ Linux namespace support. It supports sandboxing specific users upon login.
%prep
%setup -q
%patch1 -p1
%patch2 -p1
%build
%configure --docdir=%{_docdir}/%{name} \