diff options
author | netblue30 <netblue30@protonmail.com> | 2020-08-22 06:41:56 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-08-22 06:41:56 -0500 |
commit | 14f7b4decb811eb2e0d2c4d5a10bfd16351a7a5a (patch) | |
tree | 2dfd331b7bededc4bb4d12c25386652d8dc4bff0 /src/fsec-optimize/main.c | |
parent | Merge pull request #3594 from smitsohu/ls (diff) | |
parent | cleanup (diff) | |
download | firejail-14f7b4decb811eb2e0d2c4d5a10bfd16351a7a5a.tar.gz firejail-14f7b4decb811eb2e0d2c4d5a10bfd16351a7a5a.tar.zst firejail-14f7b4decb811eb2e0d2c4d5a10bfd16351a7a5a.zip |
Merge pull request #3572 from smitsohu/dumpable
hardening: run plugins with dumpable flag cleared
Diffstat (limited to 'src/fsec-optimize/main.c')
-rw-r--r-- | src/fsec-optimize/main.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/fsec-optimize/main.c b/src/fsec-optimize/main.c index 416d85b88..fb13eeca8 100644 --- a/src/fsec-optimize/main.c +++ b/src/fsec-optimize/main.c | |||
@@ -44,6 +44,12 @@ printf("\n"); | |||
44 | return 0; | 44 | return 0; |
45 | } | 45 | } |
46 | 46 | ||
47 | #ifdef WARN_DUMPABLE | ||
48 | // check FIREJAIL_PLUGIN in order to not print a warning during make | ||
49 | if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid() && getenv("FIREJAIL_PLUGIN")) | ||
50 | fprintf(stderr, "Error fsec-optimize: I am dumpable\n"); | ||
51 | #endif | ||
52 | |||
47 | char *fname = argv[1]; | 53 | char *fname = argv[1]; |
48 | 54 | ||
49 | // open input file | 55 | // open input file |