authorLibravatar netblue30 <netblue30@yahoo.com>2019-06-04 13:12:14 -0400
committerLibravatar netblue30 <netblue30@yahoo.com>2019-06-04 13:12:14 -0400
commitc8588f3953bc5be16b24c17197303487e130c8d6 (patch)
tree87396cd20bdedb797bc2a6594073902b4e734a0c
parentmerge: mount runtime seccomp files read-only (diff)
downloadfirejail-c8588f3953bc5be16b24c17197303487e130c8d6.tar.gz
firejail-c8588f3953bc5be16b24c17197303487e130c8d6.tar.zst
firejail-c8588f3953bc5be16b24c17197303487e130c8d6.zip
merge: shutdown option: give sandbox time to terminate;shutdown option: paranoid sleep - fix for CVE-2019-12499
-rw-r--r--src/firejail/shutdown.c10
1 files changed, 4 insertions, 6 deletions
diff --git a/src/firejail/shutdown.c b/src/firejail/shutdown.c
index be20cd353..87cf3eef8 100644
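--- a/src/firejail/shutdown.c
+++ b/src/firejail/shutdown.c
@@ -62,15 +62,16 @@ void shut(pid_t pid) {
 printf("Sending SIGTERM to %u\n", pid);
 kill(pid, SIGTERM);
 
-// wait for not more than 10 seconds
-sleep(2);
-int monsec = 8;
+// wait for not more than 11 seconds
+int monsec = 11;
 char *monfile;
 if (asprintf(&monfile, "/proc/%d/cmdline", pid) == -1)
 errExit("asprintf");
 int killdone = 0;
 
 while (monsec) {
+sleep(1);
+monsec--;
 FILE *fp = fopen(monfile, "r");
 if (!fp) {
 killdone = 1;
@@ -85,9 +86,6 @@ void shut(pid_t pid) {
 killdone = 1;
 break;
 }
-
-sleep(1);
-monsec--;
 }
 free(monfile);
 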
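Review bot: The new `sleep(1)` at the top of the `while (monsec)` loop ignores its return value, so if a signal handler runs in this process the call returns early while `monsec--` still counts a full second, and the wait the commit title depends on could end up shorter than the 11 seconds stated in the comment. Whether any handler is installed on this path is not visible here, so treat it as hardening: replace the bare call with `unsigned left = 1;` followed by `while (left) left = sleep(left);`. The comment above `int monsec = 11;` gives only the duration; a line such as `// give the sandbox time to exit on SIGTERM before the fallback below (CVE-2019-12499)` would keep a later cleanup from trimming the delay. shut() begins and ends outside both hunks, and the lines between them (the handling of an opened `/proc/<pid>/cmdline` and what happens when `killdone` stays 0) are not shown, so this applies only to the visible loop head.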