Merge pull request #3572 from smitsohu/dumpable

hardening: run plugins with dumpable flag cleared
author: netblue30 <netblue30@protonmail.com> 2020-08-22 06:41:56 -0500
committer: GitHub <noreply@github.com> 2020-08-22 06:41:56 -0500
commit: 14f7b4decb811eb2e0d2c4d5a10bfd16351a7a5a (patch)
tree: 2dfd331b7bededc4bb4d12c25386652d8dc4bff0 /src/fsec-optimize/main.c
parent: Merge pull request #3594 from smitsohu/ls (diff)
parent: cleanup (diff)
download: firejail-14f7b4decb811eb2e0d2c4d5a10bfd16351a7a5a.tar.gz
firejail-14f7b4decb811eb2e0d2c4d5a10bfd16351a7a5a.tar.zst
firejail-14f7b4decb811eb2e0d2c4d5a10bfd16351a7a5a.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/src/fsec-optimize/main.c b/src/fsec-optimize/main.c
index 416d85b88..fb13eeca8 100644
--- a/src/fsec-optimize/main.c
+++ b/src/fsec-optimize/main.c
@@ -44,6 +44,12 @@ printf("\n");
                return 0;
        }
+#ifdef WARN_DUMPABLE
+        // check FIREJAIL_PLUGIN in order to not print a warning during make
+        if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid() && getenv("FIREJAIL_PLUGIN"))
+                fprintf(stderr, "Error fsec-optimize: I am dumpable\n");
+#endif
        char *fname = argv[1];
        // open input file
author	netblue30 <netblue30@protonmail.com>	2020-08-22 06:41:56 -0500
committer	GitHub <noreply@github.com>	2020-08-22 06:41:56 -0500
commit	14f7b4decb811eb2e0d2c4d5a10bfd16351a7a5a (patch)
tree	2dfd331b7bededc4bb4d12c25386652d8dc4bff0 /src/fsec-optimize/main.c
parent	Merge pull request #3594 from smitsohu/ls (diff)
parent	cleanup (diff)
download	firejail-14f7b4decb811eb2e0d2c4d5a10bfd16351a7a5a.tar.gz firejail-14f7b4decb811eb2e0d2c4d5a10bfd16351a7a5a.tar.zst firejail-14f7b4decb811eb2e0d2c4d5a10bfd16351a7a5a.zip