add dumpable warnings

author: smitsohu <smitsohu@gmail.com> 2020-08-17 17:08:43 +0200
committer: smitsohu <smitsohu@gmail.com> 2020-08-17 17:08:43 +0200
commit: 9e3b7b90cf9aad35fc8db2eabdeb9e1ed038acea (patch)
tree: c6732e4a925e5f594cf30db251db9e8e65d3b0e7 /src/fsec-optimize
parent: various x11 xorg enhancements (diff)
download: firejail-9e3b7b90cf9aad35fc8db2eabdeb9e1ed038acea.tar.gz
firejail-9e3b7b90cf9aad35fc8db2eabdeb9e1ed038acea.tar.zst
firejail-9e3b7b90cf9aad35fc8db2eabdeb9e1ed038acea.zip
2 files changed, 6 insertions, 0 deletions
diff --git a/src/fsec-optimize/fsec_optimize.h b/src/fsec-optimize/fsec_optimize.h
index 211111641..034fde2ac 100644
--- a/src/fsec-optimize/fsec_optimize.h
+++ b/src/fsec-optimize/fsec_optimize.h
@@ -22,6 +22,7 @@
 #include "../include/common.h"
 #include "../include/seccomp.h"
 #include <sys/mman.h>
+#include <sys/prctl.h>
 // optimize.c
 struct sock_filter *duplicate(struct sock_filter *filter, int entries);
diff --git a/src/fsec-optimize/main.c b/src/fsec-optimize/main.c
index 416d85b88..4da110583 100644
--- a/src/fsec-optimize/main.c
+++ b/src/fsec-optimize/main.c
@@ -44,6 +44,11 @@ printf("\n");
                return 0;
        }
+#ifdef WARN_DUMPABLE
+        if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid() && getenv("FIREJAIL_PLUGIN"))
+                fprintf(stderr, "Error fsec-optimize: I am dumpable\n");
+#endif
        char *fname = argv[1];
        // open input file
author	smitsohu <smitsohu@gmail.com>	2020-08-17 17:08:43 +0200
committer	smitsohu <smitsohu@gmail.com>	2020-08-17 17:08:43 +0200
commit	9e3b7b90cf9aad35fc8db2eabdeb9e1ed038acea (patch)
tree	c6732e4a925e5f594cf30db251db9e8e65d3b0e7 /src/fsec-optimize
parent	various x11 xorg enhancements (diff)
download	firejail-9e3b7b90cf9aad35fc8db2eabdeb9e1ed038acea.tar.gz firejail-9e3b7b90cf9aad35fc8db2eabdeb9e1ed038acea.tar.zst firejail-9e3b7b90cf9aad35fc8db2eabdeb9e1ed038acea.zip