author | netblue30 <netblue30@yahoo.com> | 2016-04-06 10:28:04 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-04-06 10:28:04 -0400 |
commit | fc5edbced21973e4309d5f77f5384f70defa0cd8 (patch) | |
tree | 747c888504e5706c5925d9e3ab0946eef29dc072 | |
parent | grsecurity: fs.print (diff) | |
grsecurity: --dns.print
-rw-r--r-- | src/firejail/network_main.c | 2 | ||||
-rwxr-xr-x | test/dns-print.exp | 21 | ||||
-rwxr-xr-x | test/test.sh | 3 |
3 files changed, 26 insertions, 0 deletions
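--- a/src/firejail/network_main.c
+++ b/src/firejail/network_main.c
@@ -247,7 +247,9 @@ void net_dns_print(pid_t pid) {
 // drop privileges - will not be able to read /etc/resolv.conf for --noroot option
 
 // if the pid is that of a firejail process, use the pid of the first child process
+EUID_ROOT();
 char *comm = pid_proc_comm(pid);
+EUID_USER();
 if (comm) {
 if (strcmp(comm, "firejail") == 0) {
 pid_t child;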
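Review bot: The new `EUID_ROOT();` / `EUID_USER();` pair around `pid_proc_comm(pid)` has no comment saying why this one read needs root, and it sits directly under the older "drop privileges" comment, which now reads as contradicting the code. Because `pid` is supplied by the caller of `net_dns_print`, the lookup runs with raised euid on a caller-chosen process. The visible lines use the result only for the `strcmp` against "firejail", so the elevated span should stay limited to exactly this call. Any check that the caller is allowed to inspect that sandbox should run before its data is printed; no such check is visible in this hunk. I would add above the pair `// grsecurity: /proc/<pid>/comm may be unreadable as the user; raise euid for this read only`, with the grsecurity reason inferred from the commit title. The body of `net_dns_print` starts and continues outside the hunk.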
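--- /dev/null
+++ b/test/dns-print.exp
@@ -0,0 +1,21 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --name=test --dns=1.2.3.4\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firejail --dns.print=test\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"nameserver 1.2.3.4"
+}
+sleep 1
+puts "\nall done\n"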
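Review bot: Both `timeout` branches end in a bare `exit`, which returns status 0, so a failed run differs from a passing one only by the "TESTING ERROR" text. Changing them to `timeout {puts "TESTING ERROR 1\n";exit 1}` would let `test.sh` or CI detect the failure from the exit code. The script also covers only the caller's own sandbox. Since this commit makes the process lookup run with raised privileges, a negative case would be worth adding: a name or pid that is not the caller's sandbox must not print resolver data. The sandbox started with `--name=test` does not appear to be shut down explicitly at the end, which may collide with later tests that reuse that name.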
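--- a/test/test.sh
+++ b/test/test.sh
@@ -9,6 +9,9 @@
 echo "TESTING: fs.print (fs-print.exp)"
 ./fs-print.exp
 
+echo "TESTING: dns.print (dns-print.exp)"
+./dns-print.exp
+
 echo "TESTING: caps.print (caps-print.exp)"
 ./caps-print.exp
 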