Skip to content

Commit

Permalink
/etc/resolv.conf overwrite
Browse files Browse the repository at this point in the history
  • Loading branch information
netblue30 committed Nov 2, 2016
1 parent 19302eb commit 4f4e59c
Show file tree
Hide file tree
Showing 3 changed files with 15 additions and 2 deletions.
7 changes: 6 additions & 1 deletion RELNOTES
View file
@@ -1,4 +1,9 @@
firejail (0.9.38.3) baseline; urgency=low
firejail (0.9.38.5) baseline; urgency=low
* this is a development release
* security: overwrite /etc/resolv.conf found by Martin Carpenter
-- netblue30 <netblue30@yahoo.com> Mon, 2 Nov 2016 10:00:00 -0500

firejail (0.9.38.4) baseline; urgency=low
* CVE-2016-7545 submitted by Aleksey Manevich
* bugfixes
-- netblue30 <netblue30@yahoo.com> Mon, 10 Oct 2016 10:00:00 -0500
Expand Down
2 changes: 1 addition & 1 deletion configure.ac
View file
@@ -1,5 +1,5 @@
AC_PREREQ([2.68])
AC_INIT(firejail, 0.9.38.4, netblue30@yahoo.com, , http://firejail.wordpress.com)
AC_INIT(firejail, 0.9.38.5, netblue30@yahoo.com, , http://firejail.wordpress.com)
AC_CONFIG_SRCDIR([src/firejail/main.c])
#AC_CONFIG_HEADERS([config.h])

Expand Down
8 changes: 8 additions & 0 deletions src/firejail/main.c
View file
Expand Up @@ -903,6 +903,14 @@ int main(int argc, char **argv) {
return 1;
}

// don't allow "--chroot=/"
char *rpath = realpath(cfg.chrootdir, NULL);
if (rpath == NULL || strcmp(rpath, "/") == 0) {
fprintf(stderr, "Error: invalid chroot directory\n");
exit(1);
}
free(rpath);

// check chroot directory structure
if (fs_check_chroot_dir(cfg.chrootdir)) {
fprintf(stderr, "Error: invalid chroot\n");
Expand Down

0 comments on commit 4f4e59c

Please sign in to comment.