pool/firejail
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
firejail/firejail-CVE-2017-5180-fix2.patch
Ismail Dönmez 7a7ff5e7fe Accepting request 448835 from home:tiwai:branches:Virtualization 
- Update to version 0.9.44.2:
  Security fixes:
  * overwrite /etc/resolv.conf found by Martin Carpenter
  * TOCTOU exploit for –get and –put found by Daniel Hodson
  * invalid environment exploit found by Martin Carpenter
  * several security enhancements
  Bugfixes:
  * crashing VLC by pressing Ctrl-O
  * use user configured icons in KDE
  * mkdir and mkfile are not applied to private directories
  * cannot open files on Deluge running under KDE
  * –private=dir where dir is the user home directory
  * cannot start Vivaldi browser
  * cannot start mupdf
  * ssh profile problems
  * –quiet
  * quiet in git profile
  * memory corruption
- Fix VUL-0: local root exploit (CVE-2017-5180,bsc#1018259):
  firejail-CVE-2017-5180-fix1.patch
  firejail-CVE-2017-5180-fix2.patch

OBS-URL: https://build.opensuse.org/request/show/448835
OBS-URL: https://build.opensuse.org/package/show/Virtualization/firejail?expand=0&rev=5
2017-01-07 09:27:56 +00:00

269 lines
6.9 KiB
Diff
Raw Blame History

From e74fdab5d2125ce8f058c1630ce7cce19cbdac16 Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Wed, 4 Jan 2017 18:13:45 -0500
Subject: [PATCH] security fixes
---
src/firejail/fs_home.c | 118 +++++++++++++++++++++++++++++++++++++---------
src/firejail/pulseaudio.c | 47 +++++++++++++-----
src/firejail/util.c | 4 -
3 files changed, 134 insertions(+), 35 deletions(-)
--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -108,6 +108,14 @@ static int store_xauthority(void) {
char *src;
char *dest = RUN_XAUTHORITY_FILE;
+ // create an empty file
+ FILE *fp = fopen(dest, "w");
+ if (fp) {
+ fprintf(fp, "\n");
+ SET_PERMS_STREAM(fp, getuid(), getgid(), 0600);
+ fclose(fp);
+ }
+
if (asprintf(&src, "%s/.Xauthority", cfg.homedir) == -1)
errExit("asprintf");
@@ -117,12 +125,28 @@ static int store_xauthority(void) {
fprintf(stderr, "Warning: invalid .Xauthority file\n");
return 0;
}
-
- int rv = copy_file(src, dest, -1, -1, 0600);
- if (rv) {
- fprintf(stderr, "Warning: cannot transfer .Xauthority in private home directory\n");
- return 0;
+
+ pid_t child = fork();
+ if (child < 0)
+ errExit("fork");
+ if (child == 0) {
+ // drop privileges
+ drop_privs(0);
+
+ // copy, set permissions and ownership
+ int rv = copy_file(src, dest, getuid(), getgid(), 0600);
+ if (rv)
+ fprintf(stderr, "Warning: cannot transfer .Xauthority in private home directory\n");
+ else {
+ fs_logger2("clone", dest);
+ }
+#ifdef HAVE_GCOV
+ __gcov_flush();
+#endif
+ _exit(0);
}
+ // wait for the child to finish
+ waitpid(child, NULL, 0);
return 1; // file copied
}
@@ -135,6 +159,14 @@ static int store_asoundrc(void) {
char *src;
char *dest = RUN_ASOUNDRC_FILE;
+ // create an empty file
+ FILE *fp = fopen(dest, "w");
+ if (fp) {
+ fprintf(fp, "\n");
+ SET_PERMS_STREAM(fp, getuid(), getgid(), 0644);
+ fclose(fp);
+ }
+
if (asprintf(&src, "%s/.asoundrc", cfg.homedir) == -1)
errExit("asprintf");
@@ -154,11 +186,27 @@ static int store_asoundrc(void) {
free(rp);
}
- int rv = copy_file(src, dest, -1, -1, -0644);
- if (rv) {
- fprintf(stderr, "Warning: cannot transfer .asoundrc in private home directory\n");
- return 0;
+ pid_t child = fork();
+ if (child < 0)
+ errExit("fork");
+ if (child == 0) {
+ // drop privileges
+ drop_privs(0);
+
+ // copy, set permissions and ownership
+ int rv = copy_file(src, dest, getuid(), getgid(), 0644);
+ if (rv)
+ fprintf(stderr, "Warning: cannot transfer .asoundrc in private home directory\n");
+ else {
+ fs_logger2("clone", dest);
+ }
+#ifdef HAVE_GCOV
+ __gcov_flush();
+#endif
+ _exit(0);
}
+ // wait for the child to finish
+ waitpid(child, NULL, 0);
return 1; // file copied
}
@@ -178,13 +226,27 @@ static void copy_xauthority(void) {
exit(1);
}
- // copy, set permissions and ownership
- int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR);
- if (rv)
- fprintf(stderr, "Warning: cannot transfer .Xauthority in private home directory\n");
- else {
- fs_logger2("clone", dest);
+ pid_t child = fork();
+ if (child < 0)
+ errExit("fork");
+ if (child == 0) {
+ // drop privileges
+ drop_privs(0);
+
+ // copy, set permissions and ownership
+ int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR);
+ if (rv)
+ fprintf(stderr, "Warning: cannot transfer .Xauthority in private home directory\n");
+ else {
+ fs_logger2("clone", dest);
+ }
+#ifdef HAVE_GCOV
+ __gcov_flush();
+#endif
+ _exit(0);
}
+ // wait for the child to finish
+ waitpid(child, NULL, 0);
// delete the temporary file
unlink(src);
@@ -203,13 +265,27 @@ static void copy_asoundrc(void) {
exit(1);
}
- // copy, set permissions and ownership
- int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR);
- if (rv)
- fprintf(stderr, "Warning: cannot transfer .asoundrc in private home directory\n");
- else {
- fs_logger2("clone", dest);
+ pid_t child = fork();
+ if (child < 0)
+ errExit("fork");
+ if (child == 0) {
+ // drop privileges
+ drop_privs(0);
+
+ // copy, set permissions and ownership
+ int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR);
+ if (rv)
+ fprintf(stderr, "Warning: cannot transfer .asoundrc in private home directory\n");
+ else {
+ fs_logger2("clone", dest);
+ }
+#ifdef HAVE_GCOV
+ __gcov_flush();
+#endif
+ _exit(0);
}
+ // wait for the child to finish
+ waitpid(child, NULL, 0);
// delete the temporary file
unlink(src);
--- a/src/firejail/pulseaudio.c
+++ b/src/firejail/pulseaudio.c
@@ -21,6 +21,7 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/mount.h>
+#include <sys/wait.h>
#include <dirent.h>
static void disable_file(const char *path, const char *file) {
@@ -130,13 +131,24 @@ void pulseaudio_init(void) {
if (asprintf(&dir1, "%s/.config", cfg.homedir) == -1)
errExit("asprintf");
if (stat(dir1, &s) == -1) {
- int rv = mkdir(dir1, 0755);
- if (rv == 0) {
- rv = chown(dir1, getuid(), getgid());
- (void) rv;
- rv = chmod(dir1, 0755);
- (void) rv;
+ pid_t child = fork();
+ if (child < 0)
+ errExit("fork");
+ if (child == 0) {
+ // drop privileges
+ drop_privs(0);
+
+ int rv = mkdir(dir1, 0755);
+ if (rv == 0) {
+ rv = chown(dir1, getuid(), getgid());
+ (void) rv;
+ rv = chmod(dir1, 0755);
+ (void) rv;
+ }
+ _exit(0);
}
+ // wait for the child to finish
+ waitpid(child, NULL, 0);
}
else {
// make sure the directory is owned by the user
@@ -150,13 +162,24 @@ void pulseaudio_init(void) {
if (asprintf(&dir1, "%s/.config/pulse", cfg.homedir) == -1)
errExit("asprintf");
if (stat(dir1, &s) == -1) {
- int rv = mkdir(dir1, 0700);
- if (rv == 0) {
- rv = chown(dir1, getuid(), getgid());
- (void) rv;
- rv = chmod(dir1, 0700);
- (void) rv;
+ pid_t child = fork();
+ if (child < 0)
+ errExit("fork");
+ if (child == 0) {
+ // drop privileges
+ drop_privs(0);
+
+ int rv = mkdir(dir1, 0700);
+ if (rv == 0) {
+ rv = chown(dir1, getuid(), getgid());
+ (void) rv;
+ rv = chmod(dir1, 0700);
+ (void) rv;
+ }
+ _exit(0);
}
+ // wait for the child to finish
+ waitpid(child, NULL, 0);
}
else {
// make sure the directory is owned by the user
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -179,14 +179,14 @@ int copy_file(const char *srcname, const
// open source
int src = open(srcname, O_RDONLY);
if (src < 0) {
- fprintf(stderr, "Warning: cannot open %s, file not copied\n", srcname);
+ fprintf(stderr, "Warning: cannot open source file %s, file not copied\n", srcname);
return -1;
}
// open destination
int dst = open(destname, O_CREAT|O_WRONLY|O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
if (dst < 0) {
- fprintf(stderr, "Warning: cannot open %s, file not copied\n", destname);
+ fprintf(stderr, "Warning: cannot open destination file %s, file not copied\n", destname);
close(src);
return -1;
}
Reference in New Issue View Git Blame Copy Permalink