Esempio n. 1
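// Create the file requested by a mkfile entry, unless something already
// exists at that path.
//
// name: path as supplied by the caller; macros are expanded with
//       expand_macros() before the location check.
//
// Exits with status 1 when the expanded path is neither cfg.homedir, /tmp,
// nor a path below one of them.
//
// Security notes:
//  - The location test is lexical. It now requires a path-component boundary
//    after the allowed prefix, so "/tmpfoo" or a sibling directory whose name
//    merely starts with the home directory name is rejected.
//  - ".." components and symlinks are not resolved here, so a path can pass
//    the test and still resolve outside home or /tmp.
//    NOTE(review): confirm that invalid_filename() or touch_file_as_user()
//    (presumably creating the file with the user's credentials) contains this.
//  - stat() followed by creation is check-then-act; touch_file_as_user()
//    should not follow or truncate an object that appears in between - confirm.
void fs_mkfile(const char *name) {
	EUID_ASSERT(); // NOTE(review): presumably asserts we run with the user's euid - confirm

	// check file name
	invalid_filename(name, 0); // no globbing
	char *expanded = expand_macros(name);

	// an empty home directory would make the prefix test accept every path
	size_t homelen = strlen(cfg.homedir);
	int in_home = homelen > 0 &&
	    strncmp(expanded, cfg.homedir, homelen) == 0 &&
	    (cfg.homedir[homelen - 1] == '/' ||
	     expanded[homelen] == '/' || expanded[homelen] == '\0');
	int in_tmp = strncmp(expanded, "/tmp", 4) == 0 &&
	    (expanded[4] == '/' || expanded[4] == '\0');

	if (!in_home && !in_tmp) {
		fprintf(stderr, "Error: only files in user home or /tmp are supported by mkfile\n");
		exit(1);
	}

	// create the file only if nothing exists at that path yet
	struct stat s;
	if (stat(expanded, &s) != 0)
		touch_file_as_user(expanded, 0600);

	free(expanded);
}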
Esempio n. 2
File: x11.c Progetto: maces/firejail
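// Generate an "untrusted" MIT-MAGIC-COOKIE-1 X11 authorization with
// /usr/bin/xauth and bind-mount the resulting file over ~/.Xauthority.
//
// Steps: make sure ~/.Xauthority exists as a mount point, mount a scratch
// tmpfs on /tmp, run xauth as the user against a mkstemp() file, copy the
// result to RUN_XAUTHORITY_SEC_FILE, bind-mount that over ~/.Xauthority and
// unmount the scratch tmpfs. Every fatal error terminates the process.
// The whole body is compiled out when HAVE_X11 is not defined.
//
// Security notes:
//  - mkstemp() already creates the temporary file, so its existence after the
//    child returns says nothing about whether xauth succeeded. The child's
//    exit status is therefore checked, and a failed exec reports non-zero.
//  - The scratch tmpfs is mounted with mode=777 and no sticky bit, and the
//    path-based stat()/set_perms()/copy_file() calls run after a user-owned
//    process had access to it. NOTE(review): if any other user-controlled
//    process can see this mount, the path can be swapped between check and
//    use; fd-based operations (fstat/fchown/fchmod, O_NOFOLLOW) would close
//    that window - confirm the mount namespace guarantees.
//  - dest lives in the user's home directory; NOTE(review): confirm a
//    user-planted symlink at ~/.Xauthority cannot redirect the bind mount.
void x11_xorg(void) {
#ifdef HAVE_X11
	// destination - create an empty ~/.Xauthority file if it doesn't exist already, and use it as a mount point
	char *dest;
	if (asprintf(&dest, "%s/.Xauthority", cfg.homedir) == -1)
		errExit("asprintf");
	struct stat s;
	if (stat(dest, &s) == -1) {
		// create an .Xauthority file
		touch_file_as_user(dest, getuid(), getgid(), 0600);
	}

	// check xauth utility is present in the system
	if (stat("/usr/bin/xauth", &s) == -1) {
		fprintf(stderr, "Error: cannot find /usr/bin/xauth executable\n");
		exit(1);
	}

	// temporarily mount a tmpfs on top of /tmp directory
	if (mount("tmpfs", "/tmp", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC,  "mode=777,gid=0") < 0)
		errExit("mounting /tmp");

	// create a temporary .Xauthority file
	char tmpfname[] = "/tmp/.tmpXauth-XXXXXX";
	int fd = mkstemp(tmpfname);
	if (fd == -1) {
		fprintf(stderr, "Error: cannot create .Xauthority file\n");
		exit(1);
	}
	// hand the file to the user so the unprivileged xauth child can write it
	if (fchown(fd, getuid(), getgid()) == -1)
		errExit("chown");
	close(fd);

	pid_t child = fork();
	if (child < 0)
		errExit("fork");
	if (child == 0) {
		// generate the new .Xauthority file using xauth utility
		if (arg_debug)
			printf("Generating a new .Xauthority file\n");
		drop_privs(1); // NOTE(review): presumably drops root before running xauth - confirm

		// DISPLAY must be read before the environment is wiped
		char *display = getenv("DISPLAY");
		if (!display)
			display = ":0.0";

		// run xauth with an empty environment and an absolute path
		clearenv();
		execlp("/usr/bin/xauth", "/usr/bin/xauth", "-f", tmpfname,
			"generate", display, "MIT-MAGIC-COOKIE-1", "untrusted", NULL);

		// execlp() returns only on failure: report it and exit non-zero so
		// the parent does not mistake the empty mkstemp() file for a cookie
		perror("execlp");
#ifdef HAVE_GCOV
		__gcov_flush();
#endif
		_exit(1);
	}

	// wait for the child to finish and refuse to continue if xauth failed;
	// a waitpid() error itself is tolerated, as before
	int status = 0;
	if (waitpid(child, &status, 0) == child &&
	    (!WIFEXITED(status) || WEXITSTATUS(status) != 0)) {
		fprintf(stderr, "Error: cannot create the new .Xauthority file\n");
		exit(1);
	}

	// check the file is still there and set mode and ownership
	if (stat(tmpfname, &s) == -1) {
		fprintf(stderr, "Error: cannot create the new .Xauthority file\n");
		exit(1);
	}
	if (set_perms(tmpfname, getuid(), getgid(), 0600))
		errExit("set_perms");

	// move the temporary file in RUN_XAUTHORITY_SEC_FILE in order to have it deleted
	// automatically when the sandbox is closed
	if (copy_file(tmpfname, RUN_XAUTHORITY_SEC_FILE, getuid(), getgid(), 0600)) { // root needed
		fprintf(stderr, "Error: cannot create the new .Xauthority file\n");
		exit(1);
	}
	if (set_perms(RUN_XAUTHORITY_SEC_FILE, getuid(), getgid(), 0600))
		errExit("set_perms");
	/* coverity[toctou] */
	unlink(tmpfname);

	// mount the generated file over the user's ~/.Xauthority
	if (mount(RUN_XAUTHORITY_SEC_FILE, dest, "none", MS_BIND, "mode=0600") == -1) {
		fprintf(stderr, "Error: cannot mount the new .Xauthority file\n");
		exit(1);
	}
	if (set_perms(dest, getuid(), getgid(), 0600))
		errExit("set_perms");
	free(dest);

	// unmount /tmp; a failure leaves the scratch tmpfs covering the real /tmp,
	// so make it visible instead of ignoring it
	if (umount("/tmp") == -1)
		fprintf(stderr, "Warning: cannot unmount /tmp\n");
#endif
}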