firejail/firejail-CVE-2017-5180-fix1.patch
Ismail Dönmez 7a7ff5e7fe Accepting request 448835 from home:tiwai:branches:Virtualization
- Update to version 0.9.44.2:
  Security fixes:
  * overwrite /etc/resolv.conf found by Martin Carpenter
  * TOCTOU exploit for --get and --put found by Daniel Hodson
  * invalid environment exploit found by Martin Carpenter
  * several security enhancements
  Bugfixes:
  * crashing VLC by pressing Ctrl-O
  * use user configured icons in KDE
  * mkdir and mkfile are not applied to private directories
  * cannot open files on Deluge running under KDE
  * --private=dir where dir is the user home directory
  * cannot start Vivaldi browser
  * cannot start mupdf
  * ssh profile problems
  * --quiet
  * quiet in git profile
  * memory corruption
- Fix VUL-0: local root exploit (CVE-2017-5180,bsc#1018259):
  firejail-CVE-2017-5180-fix1.patch
  firejail-CVE-2017-5180-fix2.patch

OBS-URL: https://build.opensuse.org/request/show/448835
OBS-URL: https://build.opensuse.org/package/show/Virtualization/firejail?expand=0&rev=5
2017-01-07 09:27:56 +00:00

From 60d4b478f65c60bcc825bb56f85fd6c4fd48b250 Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Wed, 4 Jan 2017 11:59:46 -0500
Subject: [PATCH] security fix
---
src/firejail/fs_home.c | 14 ++++++++++++++
src/firejail/pulseaudio.c | 15 +++++++++++++++
2 files changed, 29 insertions(+)
--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -171,6 +171,13 @@ static void copy_xauthority(void) {
char *dest;
if (asprintf(&dest, "%s/.Xauthority", cfg.homedir) == -1)
errExit("asprintf");
+
+ // if destination is a symbolic link, exit the sandbox!!!
+ if (is_link(dest)) {
+ fprintf(stderr, "Error: %s is a symbolic link\n", dest);
+ exit(1);
+ }
+
// copy, set permissions and ownership
int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR);
if (rv)
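Review bot: The is_link(dest) test in copy_xauthority and the copy_file(src, dest, ...) call after it are two separate lookups of the same path under cfg.homedir, so the answer from the check can be stale by the time the file is written. The call passes getuid() and getgid() to set ownership, which suggests the copy runs with more privilege than the user, so the refusal to follow a link belongs in the call that opens the destination: have copy_file open dest with O_NOFOLLOW (and O_CREAT | O_EXCL where a fresh file is expected), or perform the copy with the user's own credentials. The is_link check can stay as an early, readable error path, but it should not be the only barrier.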
@@ -189,6 +196,13 @@ static void copy_asoundrc(void) {
char *dest;
if (asprintf(&dest, "%s/.asoundrc", cfg.homedir) == -1)
errExit("asprintf");
+
+ // if destination is a symbolic link, exit the sandbox!!!
+ if (is_link(dest)) {
+ fprintf(stderr, "Error: %s is a symbolic link\n", dest);
+ exit(1);
+ }
+
// copy, set permissions and ownership
int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR);
if (rv)
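Review bot: The block added to copy_asoundrc is a line-for-line copy of the one added to copy_xauthority, differing only in the value of dest. A small static helper that takes dest, prints the error and exits would keep the two call sites from drifting apart and give later destinations in the home directory one place to get the same check. The comment "exit the sandbox!!!" would also be more useful if it said why a link is fatal here, namely that the file is about to be written and chowned at that path.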
--- a/src/firejail/pulseaudio.c
+++ b/src/firejail/pulseaudio.c
@@ -138,7 +138,15 @@ void pulseaudio_init(void) {
(void) rv;
}
}
+ else {
+ // make sure the directory is owned by the user
+ if (s.st_uid != getuid()) {
+ fprintf(stderr, "Error: user .config directory is not owned by the current user\n");
+ exit(1);
+ }
+ }
free(dir1);
+
if (asprintf(&dir1, "%s/.config/pulse", cfg.homedir) == -1)
errExit("asprintf");
if (stat(dir1, &s) == -1) {
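Review bot: The new else branch for .config in pulseaudio_init compares only s.st_uid with getuid(); it never confirms that the path is a directory, although the error message says "directory". Adding a check such as !S_ISDIR(s.st_mode) next to the uid test would reject a regular file or other object sitting at that name before anything is created beneath it. Minor style point: the blank line added after free(dir1) is unrelated to the fix and could be dropped from the patch.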
@@ -150,6 +158,13 @@ void pulseaudio_init(void) {
(void) rv;
}
}
+ else {
+ // make sure the directory is owned by the user
+ if (s.st_uid != getuid()) {
+ fprintf(stderr, "Error: user .config/pulse directory is not owned by the current user\n");
+ exit(1);
+ }
+ }
free(dir1);
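Review bot: The else branch for .config/pulse pairs with the stat(dir1, &s) call shown in the context just above this hunk, and stat follows symbolic links, so s.st_uid describes the link target rather than the entry in the home directory. A link pointing at any directory the user owns would pass this test. Using lstat here (or opening the path with O_DIRECTORY | O_NOFOLLOW and calling fstat on the descriptor) would make the ownership check apply to the object that is actually at that path, in line with the is_link checks added in fs_home.c. The same applies to the .config check in the previous hunk if it is fed by stat as well.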