From 2c734d6350ad321fccbefc5ef0382199ac331b37 Mon Sep 17 00:00:00 2001
From: Reiner Herrmann <reiner@reiner-h.de>
Date: Wed, 29 Jul 2020 20:16:16 +0200
Subject: [PATCH] firejail: don't interpret output arguments after
end-of-options tag
Firejail was parsing --output and --output-stderr options even after
the end-of-options separator ("--"), which would allow someone who
has control over the command line options of the sandboxed application
to write data to a specified file.
Fixes: CVE-2020-17367
Reported-by: Tim Starling <tstarling@wikimedia.org>
---
src/firejail/output.c | 6 ++++++
1 file changed, 6 insertions(+)
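diff --git a/src/firejail/output.c b/src/firejail/output.c
index d4a7f464a..6e678afd3 100644
--- a/src/firejail/output.c
+++ b/src/firejail/output.c
@@ -30,6 +30,12 @@ void check_output(int argc, char **argv) {
 int enable_stderr = 0;
 
 for (i = 1; i < argc; i++) {
+if (strncmp(argv[i], "--", 2) != 0) {
+return;
+}
+if (strcmp(argv[i], "--") == 0) {
+return;
+}
 if (strncmp(argv[i], "--output=", 9) == 0) {
 outindex = i;
 break;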
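Review bot: The two new early returns at the top of the loop carry no comment saying why they exist, so a later cleanup could plausibly drop them and reopen the hole; above the first check add `/* firejail options all start with "--": stop scanning at the first non-option argument or at the "--" end-of-options marker; everything after it belongs to the sandboxed program and must not be interpreted (CVE-2020-17367) */`. As a point of style the two checks can be a single condition, since the second can only be reached once the first has passed: `if (strncmp(argv[i], "--", 2) != 0 || argv[i][2] == '\0') return;`. The guard only protects this scanner; any other loop in the codebase that recognizes options in argv by prefix would need the same stop condition, and none is visible in this hunk. The rest of check_output, including whatever handles --output-stderr, continues outside the hunk.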