prevent leaking user information by modifying /home directory, /etc/p…

…asswd and /etc/group
kmk3 · Nov 19, 2015 · 4f003da · 4f003da
1 parent bd16cb3
commit 4f003da
Show file tree

Hide file tree

Showing 4 changed files with 344 additions and 54 deletions.
diff --git a/RELNOTES b/RELNOTES
@@ -1,7 +1,9 @@
-firejail (0.9.34) baseline; urgency=low
+firejail (0.9.35) baseline; urgency=low
   * added  unbound and dnscrypt-proxy profiles
   * added --noblacklist option
   * whitelist command enhancements
+  * prevent leaking user information by modifying /home directory,
+          /etc/passwd and /etc/group
   * bugfixes
  -- netblue30 <netblue30@yahoo.com>  ongoing development
 

diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
@@ -52,6 +52,8 @@
 #define RESOLVCONF_FILE	"/run/firejail/mnt/resolv.conf"
 #define LDPRELOAD_FILE	"/run/firejail/mnt/ld.so.preload"
 #define UTMP_FILE		"/run/firejail/mnt/utmp"
+#define PASSWD_FILE		"/run/firejail/mnt/passwd"
+#define GROUP_FILE		"/run/firejail/mnt/group"
 
 // profiles
 #define DEFAULT_USER_PROFILE	"generic"
@@ -468,5 +470,10 @@ void protocol_store(const char *prlist);
 void protocol_filter(void);
 void protocol_filter_save(void);
 void protocol_filter_load(const char *fname);
+
+// restrict_users.c
+void restrict_users(void);
+
+
 #endif
 
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
@@ -539,49 +539,6 @@ void fs_proc_sys_dev_boot(void) {
 	}
 }
 
-static void sanitize_home(void) {
-	assert(getuid() != 0);	// this code works only for regular users
-
-	if (arg_debug)
-		printf("Cleaning /home directory\n");
-
-	struct stat s;
-	if (stat(cfg.homedir, &s) == -1) {
-		// cannot find home directory, just return
-		fprintf(stderr, "Warning: cannot find home directory\n");
-		return;
-	}
-
-	fs_build_mnt_dir();
-	if (mkdir(WHITELIST_HOME_DIR, 0755) == -1)
-		errExit("mkdir");
-
-	// keep a copy of the user home directory
-	if (mount(cfg.homedir, WHITELIST_HOME_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
-		errExit("mount bind");
-
-	// mount tmpfs in the new home
-	if (mount("tmpfs", "/home", "tmpfs", MS_NOSUID | MS_NODEV | MS_STRICTATIME | MS_REC,  "mode=755,gid=0") < 0)
-		errExit("mount tmpfs");
-
-	// create user home directory
-	if (mkdir(cfg.homedir, 0755) == -1)
-		errExit("mkdir");
-
-	// set mode and ownership
-	if (chown(cfg.homedir, s.st_uid, s.st_gid) == -1)
-		errExit("chown");
-	if (chmod(cfg.homedir, s.st_mode) == -1)
-		errExit("chmod");
-
-	// mount user home directory
-	if (mount(WHITELIST_HOME_DIR, cfg.homedir, NULL, MS_BIND|MS_REC, NULL) < 0)
-		errExit("mount bind");
-
-	// mask home dir under /run
-	if (mount("tmpfs", WHITELIST_HOME_DIR, "tmpfs", MS_NOSUID | MS_NODEV | MS_STRICTATIME | MS_REC,  "mode=755,gid=0") < 0)
-		errExit("mount tmpfs");
-}
 
 // build a basic read-only filesystem
 void fs_basic_fs(void) {
@@ -605,9 +562,8 @@ void fs_basic_fs(void) {
 	fs_var_cache();
 	fs_var_utmp();
 
-	// only in user mode
-	if (getuid())
-		sanitize_home();
+	// don't leak user information
+	restrict_users();
 }
 
 
@@ -751,9 +707,8 @@ void fs_overlayfs(void) {
 	fs_var_cache();
 	fs_var_utmp();
 
-	// only in user mode
-	if (getuid())
-		sanitize_home();
+	// don't leak user information
+	restrict_users();
 
 	// cleanup and exit
 	free(option);
@@ -874,10 +829,8 @@ void fs_chroot(const char *rootdir) {
 	fs_var_cache();
 	fs_var_utmp();
 
-	// only in user mode
-	if (getuid())
-		sanitize_home();
-
+	// don't leak user information
+	restrict_users();
 }
 #endif