Reject passing in -u,-g multiple times
This avoids potential errors where a user/group is clobbered by a
following flag.
Bug: chromium:912146
Test: make tests
Change-Id: I5038fcc9e2e4c9757ea152295afde6367915677e
diff --git a/minijail0_cli.c b/minijail0_cli.c
index 2e25ca6..2106ccb 100644
--- a/minijail0_cli.c
+++ b/minijail0_cli.c
@@ -7,6 +7,7 @@
#include <errno.h>
#include <getopt.h>
#include <inttypes.h>
+#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -573,6 +574,7 @@
int inherit_suppl_gids = 0, keep_suppl_gids = 0;
int caps = 0, ambient_caps = 0;
int seccomp = -1;
+ bool use_uid = false, use_gid = false;
uid_t uid = 0;
gid_t gid = 0;
char *uidmap = NULL, *gidmap = NULL;
@@ -601,9 +603,21 @@
-1) {
switch (opt) {
case 'u':
+ if (use_uid) {
+ fprintf(stderr,
+ "-u provided multiple times.\n");
+ exit(1);
+ }
+ use_uid = true;
set_user(j, optarg, &uid, &gid);
break;
case 'g':
+ if (use_gid) {
+ fprintf(stderr,
+ "-g provided multiple times.\n");
+ exit(1);
+ }
+ use_gid = true;
set_group(j, optarg, &gid);
break;
case 'n':
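Review bot: The new guards in `case 'u'` and `case 'g'` reject only a repeated identical flag, while `set_user(j, optarg, &uid, &gid)` is also handed `&gid`, so the clobbering described in the commit message may still happen across flags. With `-g` followed by `-u`, the local `gid` could be overwritten, assuming set_user writes through that pointer; its body is not visible in this hunk. If that ordering is intended, a comment above the call such as `/* -u also receives &gid; a -g given earlier may be overridden here. */` would make it explicit. Otherwise the call could pass a scratch `gid_t` when `use_gid` is already true. The option loop that encloses these cases starts and ends outside the hunk.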
diff --git a/minijail0_cli_unittest.cc b/minijail0_cli_unittest.cc
index d5f3c98..a00541a 100644
--- a/minijail0_cli_unittest.cc
+++ b/minijail0_cli_unittest.cc
@@ -123,6 +123,11 @@
argv[1] = "1000x";
ASSERT_EXIT(parse_args_(argv), testing::ExitedWithCode(1), "");
+
+ // Supplying -u more than once is bad.
+ argv = {"-u", kValidUser, "-u", kValidUid, "/bin/sh"};
+ ASSERT_EXIT(parse_args_(argv), testing::ExitedWithCode(1),
+ "-u provided multiple times");
}
// Valid calls to the change group option.
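Review bot: The added case covers only the rejection path, and nothing in this hunk or in the matching `-g` hunk below checks that a single `-u` combined with a single `-g` is still accepted. That combination would break silently if the two "seen" flags were ever conflated in the parser. A positive case such as `argv = {"-u", kValidUser, "-g", kValidGroup, "/bin/sh"};` followed by `ASSERT_TRUE(parse_args_(argv));` would pin it down, assuming parse_args_ returns a truthy value on success. The test body starts outside the hunk.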
@@ -146,6 +151,11 @@
argv[1] = "1000x";
ASSERT_EXIT(parse_args_(argv), testing::ExitedWithCode(1), "");
+
+ // Supplying -g more than once is bad.
+ argv = {"-g", kValidGroup, "-g", kValidGid, "/bin/sh"};
+ ASSERT_EXIT(parse_args_(argv), testing::ExitedWithCode(1),
+ "-g provided multiple times");
}
// Valid calls to the skip securebits option.