security fix

2 files changed, 2 insertions, 8 deletions

diff --git a/RELNOTES b/RELNOTES
index 969eecb24..b9a982d77 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,5 +1,6 @@
 firejail (0.9.45) baseline; urgency=low
   * development version, work in progress
+  * security: --bandwidth root shel found by Martin Carpenter
   * security: disabled --allow-debuggers when running on kernel
     versions prior to 4.8; a kernel bug in ptrace system call
     allows a full bypass of seccomp filter; problem reported by Lizzie Dixon
diff --git a/src/firejail/bandwidth.c b/src/firejail/bandwidth.c
index 5e9002f22..84c9dc53a 100644
--- a/src/firejail/bandwidth.c
+++ b/src/firejail/bandwidth.c
@@ -435,15 +435,8 @@ void bandwidth_pid(pid_t pid, const char *command, const char *dev, int down, in
         if (setregid(0, 0))
                 errExit("setregid");
 
-        if (!cfg.shell)
-                cfg.shell = guess_shell();
-        if (!cfg.shell) {
-                fprintf(stderr, "Error: no POSIX shell found, please use --shell command line option\n");
-                exit(1);
-        }
-
         char *arg[4];
-        arg[0] = cfg.shell;
+        arg[0] = "/bin/sh";
         arg[1] = "-c";
         arg[2] = cmd;
         arg[3] = NULL;