author | netblue30 <netblue30@yahoo.com> | 2016-02-19 14:57:58 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-02-19 14:57:58 -0500 |
commit | 02a66f7e4086097a98dfdac0b47c9909908360a0 (patch) | |
tree | 443fb269e84c89842965677386260e71b85de227 /src/firejail/no_sandbox.c | |
parent | moved sandbox name to /run/firejail/name/<PID> (diff) | |
euid switching
Diffstat (limited to 'src/firejail/no_sandbox.c')
-rw-r--r-- | src/firejail/no_sandbox.c | 13 |
1 files changed, 4 insertions, 9 deletions
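--- a/src/firejail/no_sandbox.c
+++ b/src/firejail/no_sandbox.c
@@ -26,6 +26,8 @@
 // check process space for kernel processes
 // return 1 if found, 0 if not found
 int check_kernel_procs(void) {
+EUID_ASSERT();
+
 char *kern_proc[] = {
 "kthreadd",
 "ksoftirqd",
@@ -97,14 +99,7 @@ int check_kernel_procs(void) {
 }
 
 void run_no_sandbox(int argc, char **argv) {
-// drop privileges
-int rv = setgroups(0, NULL); // this could fail
-(void) rv;
-if (setgid(getgid()) < 0)
-errExit("setgid/getgid");
-if (setuid(getuid()) < 0)
-errExit("setuid/getuid");
-
+EUID_ASSERT();
 
 // build command
 char *command = NULL;
@@ -141,7 +136,7 @@ void run_no_sandbox(int argc, char **argv) {
 // start the program in /bin/sh
 fprintf(stderr, "Warning: an existing sandbox was detected. "
 "%s will run without any additional sandboxing features in a /bin/sh shell\n", command);
-rv = system(command);
+int rv = system(command);
 (void) rv;
 if (allocated)
 free(command);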
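Review bot: The `EUID_ASSERT()` added at the top of `run_no_sandbox` only checks state, so the process that later calls `system(command)` no longer gives up root irrevocably the way the removed `setgid`/`setuid` pair did. The macro's definition is not on this page; if it is built on `assert`, it compiles away under `NDEBUG` and the function then depends entirely on its caller having switched the effective uid. The saved set-user-ID also stays available to this process while it waits on the shell, although nothing visible here needs root again. Consider a permanent drop that works from a non-root effective uid, placed before the command is built: `if (setresgid(getgid(), getgid(), getgid()) < 0 || setresuid(getuid(), getuid(), getuid()) < 0) errExit("setresuid");`. Both function bodies continue outside the hunks shown, so confirm how `run_no_sandbox` ends before applying this.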