check privileges for dns.print

author: smitsohu <smitsohu@gmail.com> 2018-08-19 21:56:30 +0200
committer: smitsohu <smitsohu@gmail.com> 2018-08-19 21:56:30 +0200
commit: 8f00453caad6a61d2244653c42e795bdd4e6a587 (patch)
tree: ac7b1ad380c049c040d3f9c9198ed39643b57ff3
parent: fix also the second instance of pid_get_uid (diff)
download: firejail-8f00453caad6a61d2244653c42e795bdd4e6a587.tar.gz
firejail-8f00453caad6a61d2244653c42e795bdd4e6a587.tar.zst
firejail-8f00453caad6a61d2244653c42e795bdd4e6a587.zip
1 files changed, 10 insertions, 0 deletions
diff --git a/src/firejail/network_main.c b/src/firejail/network_main.c
index e30d07229..1a40e8a0f 100644
--- a/src/firejail/network_main.c
+++ b/src/firejail/network_main.c
@@ -283,6 +283,16 @@ void net_dns_print(pid_t pid) {
                free(comm);
        }
+        // check privileges for non-root users
+        uid_t uid = getuid();
+        if (uid != 0) {
+                uid_t sandbox_uid = pid_get_uid(pid);
+                if (uid != sandbox_uid) {
+                        fprintf(stderr, "Error: permission denied.\n");
+                        exit(1);
+                }
+        }
        EUID_ROOT();
        if (join_namespace(pid, "mnt"))
                exit(1);
author	smitsohu <smitsohu@gmail.com>	2018-08-19 21:56:30 +0200
committer	smitsohu <smitsohu@gmail.com>	2018-08-19 21:56:30 +0200
commit	8f00453caad6a61d2244653c42e795bdd4e6a587 (patch)
tree	ac7b1ad380c049c040d3f9c9198ed39643b57ff3
parent	fix also the second instance of pid_get_uid (diff)
download	firejail-8f00453caad6a61d2244653c42e795bdd4e6a587.tar.gz firejail-8f00453caad6a61d2244653c42e795bdd4e6a587.tar.zst firejail-8f00453caad6a61d2244653c42e795bdd4e6a587.zip

diff --git a/src/firejail/network_main.c b/src/firejail/network_main.c index e30d07229..1a40e8a0f 100644 --- a/src/firejail/network_main.c +++ b/src/firejail/network_main.c
@@ -283,6 +283,16 @@ void net_dns_print(pid_t pid) {
283	free(comm);	283	free(comm);
284	}	284	}
285		285
		286	// check privileges for non-root users
		287	uid_t uid = getuid();
		288	if (uid != 0) {
		289	uid_t sandbox_uid = pid_get_uid(pid);
		290	if (uid != sandbox_uid) {
		291	fprintf(stderr, "Error: permission denied.\n");
		292	exit(1);
		293	}
		294	}
		295
286	EUID_ROOT();	296	EUID_ROOT();
287	if (join_namespace(pid, "mnt"))	297	if (join_namespace(pid, "mnt"))
288	exit(1);	298	exit(1);