author | netblue30 <netblue30@protonmail.com> | 2020-08-22 06:41:56 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-08-22 06:41:56 -0500 |
commit | 14f7b4decb811eb2e0d2c4d5a10bfd16351a7a5a (patch) | |
tree | 2dfd331b7bededc4bb4d12c25386652d8dc4bff0 /src/include | |
parent | Merge pull request #3594 from smitsohu/ls (diff) | |
parent | cleanup (diff) | |
Merge pull request #3572 from smitsohu/dumpable
hardening: run plugins with dumpable flag cleared
Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/common.h | 3 | ||||
-rw-r--r-- | src/include/rundefs.h | 5 |
2 files changed, 6 insertions, 2 deletions
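--- a/src/include/common.h
+++ b/src/include/common.h
@@ -34,6 +34,9 @@
 
 #define errExit(msg) do { char msgout[500]; snprintf(msgout, 500, "Error %s: %s:%d %s", msg, __FILE__, __LINE__, __FUNCTION__); perror(msgout); exit(1);} while (0)
 
+// check if processes run with dumpable flag set
+#define WARN_DUMPABLE
+
 // macro to print ip addresses in a printf statement
 #define PRINT_IP(A) \
 ((int) (((A) >> 24) & 0xFF)), ((int) (((A) >> 16) & 0xFF)), ((int) (((A) >> 8) & 0xFF)), ((int) ( (A) & 0xFF))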
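Review bot: The comment on the new `WARN_DUMPABLE` define does not say that this is an unconditional compile-time switch, nor what the check does when it finds a dumpable process. The code that tests the macro is outside this section, so its behaviour can only be inferred from the name. The dumpable flag governs whether a process can be ptrace-attached or core-dumped by another process of the same user, so someone auditing this hardening needs that stated at the define. I would write something like `// compile-time switch: when defined, warn if a helper process still has the dumpable flag set (prctl PR_SET_DUMPABLE); remove the define to disable the check`, adjusted to what the check really does.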
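--- a/src/include/rundefs.h
+++ b/src/include/rundefs.h
@@ -99,8 +99,9 @@
 #define RUN_WHITELIST_SHARE_DIR RUN_MNT_DIR "/orig-share"
 #define RUN_WHITELIST_MODULE_DIR RUN_MNT_DIR "/orig-module"
 
-#define RUN_XAUTHORITY_FILE RUN_MNT_DIR "/.Xauthority"
-#define RUN_XAUTHORITY_SEC_FILE RUN_MNT_DIR "/sec.Xauthority"
+#define RUN_XAUTHORITY_FILE RUN_MNT_DIR "/.Xauthority" // private options
+#define RUN_XAUTH_FILE RUN_MNT_DIR "/xauth" // x11=xorg
+#define RUN_XAUTHORITY_SEC_DIR RUN_MNT_DIR "/.sec.Xauthority" // x11=xorg
 #define RUN_ASOUNDRC_FILE RUN_MNT_DIR "/.asoundrc"
 #define RUN_HOSTNAME_FILE RUN_MNT_DIR "/hostname"
 #define RUN_HOSTS_FILE RUN_MNT_DIR "/hosts"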
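Review bot: `RUN_XAUTH_FILE` differs from `RUN_XAUTHORITY_FILE` by only a few letters, and both new x11=xorg entries carry just the option name as a comment, so the header does not say what each path holds. `RUN_XAUTHORITY_SEC_DIR` is a directory that takes the place of the former `RUN_XAUTHORITY_SEC_FILE`, and any remaining user of the old name outside src/include (not visible in this limited diffstat) would no longer compile. These paths presumably carry X11 authority data, so I would document content and ownership on each line, e.g. `// x11=xorg: <what is stored here>, created by <process>, mode <mode>`. A name for `RUN_XAUTH_FILE` that cannot be misread as the cookie file would also help.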