author | netblue30 <netblue30@protonmail.com> | 2020-08-22 06:41:56 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-08-22 06:41:56 -0500 |
commit | 14f7b4decb811eb2e0d2c4d5a10bfd16351a7a5a (patch) | |
tree | 2dfd331b7bededc4bb4d12c25386652d8dc4bff0 /src/fseccomp/main.c | |
parent | Merge pull request #3594 from smitsohu/ls (diff) | |
parent | cleanup (diff) | |
Merge pull request #3572 from smitsohu/dumpable
hardening: run plugins with dumpable flag cleared
Diffstat (limited to 'src/fseccomp/main.c')
-rw-r--r-- | src/fseccomp/main.c | 16 |
1 files changed, 11 insertions, 5 deletions
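--- a/src/fseccomp/main.c
+++ b/src/fseccomp/main.c
@@ -64,6 +64,16 @@ printf("\n");
 usage();
 return 1;
 }
+if (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") ==0) {
+usage();
+return 0;
+}
+
+#ifdef WARN_DUMPABLE
+// check FIREJAIL_PLUGIN in order to not print a warning during make
+if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid() && getenv("FIREJAIL_PLUGIN"))
+fprintf(stderr, "Error fseccomp: I am dumpable\n");
+#endif
 
 char *quiet = getenv("FIREJAIL_QUIET");
 if (quiet && strcmp(quiet, "yes") == 0)
@@ -83,11 +93,7 @@ printf("\n");
 }
 }
 
-if (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") ==0) {
-usage();
-return 0;
-}
-else if (argc == 2 && strcmp(argv[1], "debug-syscalls") == 0)
+if (argc == 2 && strcmp(argv[1], "debug-syscalls") == 0)
 syscall_print();
 else if (argc == 2 && strcmp(argv[1], "debug-syscalls32") == 0)
 syscall_print_32();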
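Review bot: The dumpable check at new lines 72-76 only reports the condition and does not enforce anything. It is compiled in only under `WARN_DUMPABLE`, it prints a line labelled "Error" and then lets fseccomp carry on, and it stays silent whenever `FIREJAIL_PLUGIN` is missing from the environment, which the caller controls. I would say so in the existing comment, for example `// diagnostic only: reports a dumpable plugin process, does not stop it; silent unless FIREJAIL_PLUGIN is set`, and either relabel the message as a warning or return non-zero if a dumpable plugin is meant to be fatal. The hunk shows no include for `prctl`/`PR_GET_DUMPABLE`; it presumably comes from a shared header, which is worth confirming with `WARN_DUMPABLE` defined. main() begins and ends outside the hunks shown.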