From 60d4b478f65c60bcc825bb56f85fd6c4fd48b250 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Wed, 4 Jan 2017 11:59:46 -0500
Subject: [PATCH] security fix

---
 src/firejail/fs_home.c | 14 ++++++++++++++
 src/firejail/pulseaudio.c | 15 +++++++++++++++
 2 files changed, 29 insertions(+)

--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -171,6 +171,13 @@ static void copy_xauthority(void) {
 char *dest;
 if (asprintf(&dest, "%s/.Xauthority", cfg.homedir) == -1)
 errExit("asprintf");
+
+ // if destination is a symbolic link, exit the sandbox!!!
+ if (is_link(dest)) {
+ fprintf(stderr, "Error: %s is a symbolic link\n", dest);
+ exit(1);
+ }
+
 // copy, set permissions and ownership
 int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR);
 if (rv)
@@ -189,6 +196,13 @@ static void copy_asoundrc(void) {
 char *dest;
 if (asprintf(&dest, "%s/.asoundrc", cfg.homedir) == -1)
 errExit("asprintf");
+
+ // if destination is a symbolic link, exit the sandbox!!!
+ if (is_link(dest)) {
+ fprintf(stderr, "Error: %s is a symbolic link\n", dest);
+ exit(1);
+ }
+
 // copy, set permissions and ownership
 int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR);
 if (rv)
--- a/src/firejail/pulseaudio.c
+++ b/src/firejail/pulseaudio.c
@@ -138,7 +138,15 @@ void pulseaudio_init(void) {
 (void) rv;
 }
 }
+ else {
+ // make sure the directory is owned by the user
+ if (s.st_uid != getuid()) {
+ fprintf(stderr, "Error: user .config directory is not owned by the current user\n");
+ exit(1);
+ }
+ }
 free(dir1);
+
 if (asprintf(&dir1, "%s/.config/pulse", cfg.homedir) == -1)
 errExit("asprintf");
 if (stat(dir1, &s) == -1) {
@@ -150,6 +158,13 @@ void pulseaudio_init(void) {
 (void) rv;
 }
 }
+ else {
+ // make sure the directory is owned by the user
+ if (s.st_uid != getuid()) {
+ fprintf(stderr, "Error: user .config/pulse directory is not owned by the current user\n");
+ exit(1);
+ }
+ }
 free(dir1);
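Review bot: The is_link(dest) check and the copy_file(src, dest, ...) call three lines below it are two separate path lookups, so the file at dest can still be swapped for a symbolic link between them; the same check-then-use window exists in the copy_asoundrc hunk. Whether this matters depends on copy_file, which is outside this patch: if it opens the destination with O_NOFOLLOW (or creates it with O_EXCL) the new check is only a clearer error message, otherwise the race remains and the check alone does not close it. Either way the contract should be written down next to the check, e.g. `// advisory pre-check only: copy_file() must open dest with O_NOFOLLOW so a link cannot be introduced after this test` (assuming it does — confirm in copy_file). copy_xauthority and copy_asoundrc both continue outside their hunks.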
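Review bot: The new else branch tests s.st_uid from a stat() call made above the hunk, and stat() follows symbolic links, so the uid compared is that of the link target rather than of the ~/.config entry itself; a symlink pointing at a user-owned directory elsewhere passes, and so does a user-owned regular file, since nothing checks the type. If the intent is to accept only a real directory owned by the user, the condition should be `if (!S_ISDIR(s.st_mode) || s.st_uid != getuid()) {` and the lookup it depends on should be lstat(); the same applies to the .config/pulse check in the next hunk, whose lookup is the visible `if (stat(dir1, &s) == -1) {` line. The ownership check also only runs on the else path, so the creation path in the if body (cut off at the top of the hunk, where rv is set) is not covered by it. pulseaudio_init starts and ends outside the hunk.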