diff options
| author |  netblue30 <netblue30@protonmail.com> | 2020-08-22 06:41:56 -0500 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2020-08-22 06:41:56 -0500 |
| commit | 14f7b4decb811eb2e0d2c4d5a10bfd16351a7a5a (patch) | |
| tree | 2dfd331b7bededc4bb4d12c25386652d8dc4bff0 /src/fcopy/main.c | |
| parent | Merge pull request #3594 from smitsohu/ls (diff) | |
| parent | cleanup (diff) | |
| download | firejail-14f7b4decb811eb2e0d2c4d5a10bfd16351a7a5a.tar.gz firejail-14f7b4decb811eb2e0d2c4d5a10bfd16351a7a5a.tar.zst firejail-14f7b4decb811eb2e0d2c4d5a10bfd16351a7a5a.zip | |
Merge pull request #3572 from smitsohu/dumpable
hardening: run plugins with dumpable flag cleared
Diffstat (limited to 'src/fcopy/main.c')
| -rw-r--r-- | src/fcopy/main.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/fcopy/main.c b/src/fcopy/main.c index 83d9c17e6..67237b4ea 100644 --- a/src/fcopy/main.c +++ b/src/fcopy/main.c | |||
| @@ -23,6 +23,7 @@ | |||
| 23 | #include <ftw.h> | 23 | #include <ftw.h> |
| 24 | #include <errno.h> | 24 | #include <errno.h> |
| 25 | #include <pwd.h> | 25 | #include <pwd.h> |
| 26 | #include <sys/prctl.h> | ||
| 26 | 27 | ||
| 27 | #if HAVE_SELINUX | 28 | #if HAVE_SELINUX |
| 28 | #include <sys/stat.h> | 29 | #include <sys/stat.h> |
| @@ -411,6 +412,11 @@ int main(int argc, char **argv) { | |||
| 411 | exit(1); | 412 | exit(1); |
| 412 | } | 413 | } |
| 413 | 414 | ||
| 415 | #ifdef WARN_DUMPABLE | ||
| 416 | if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid()) | ||
| 417 | fprintf(stderr, "Error fcopy: I am dumpable\n"); | ||
| 418 | #endif | ||
| 419 | |||
| 414 | // trim trailing chars | 420 | // trim trailing chars |
| 415 | if (src[strlen(src) - 1] == '/') | 421 | if (src[strlen(src) - 1] == '/') |
| 416 | src[strlen(src) - 1] = '\0'; | 422 | src[strlen(src) - 1] = '\0'; |