Merge pull request #3572 from smitsohu/dumpable

hardening: run plugins with dumpable flag cleared

2 files changed, 6 insertions, 2 deletions

diff --git a/src/include/common.h b/src/include/common.h
index c65ba0d55..025f3c247 100644
--- a/src/include/common.h
+++ b/src/include/common.h
@@ -34,6 +34,9 @@
 
 #define errExit(msg)    do { char msgout[500]; snprintf(msgout, 500, "Error %s: %s:%d %s", msg, __FILE__, __LINE__, __FUNCTION__); perror(msgout); exit(1);} while (0)
 
+// check if processes run with dumpable flag set
+#define WARN_DUMPABLE
+
 // macro to print ip addresses in a printf statement
 #define PRINT_IP(A) \
 ((int) (((A) >> 24) & 0xFF)),  ((int) (((A) >> 16) & 0xFF)), ((int) (((A) >> 8) & 0xFF)), ((int) ( (A) & 0xFF))
diff --git a/src/include/rundefs.h b/src/include/rundefs.h
index f8bcdec52..d56623907 100644
--- a/src/include/rundefs.h
+++ b/src/include/rundefs.h
@@ -99,8 +99,9 @@
 #define RUN_WHITELIST_SHARE_DIR         RUN_MNT_DIR "/orig-share"
 #define RUN_WHITELIST_MODULE_DIR        RUN_MNT_DIR "/orig-module"
 
-#define RUN_XAUTHORITY_FILE             RUN_MNT_DIR "/.Xauthority"
-#define RUN_XAUTHORITY_SEC_FILE         RUN_MNT_DIR "/sec.Xauthority"
+#define RUN_XAUTHORITY_FILE             RUN_MNT_DIR "/.Xauthority"              // private options
+#define RUN_XAUTH_FILE                  RUN_MNT_DIR "/xauth"                    // x11=xorg
+#define RUN_XAUTHORITY_SEC_DIR          RUN_MNT_DIR "/.sec.Xauthority"          // x11=xorg
 #define RUN_ASOUNDRC_FILE               RUN_MNT_DIR "/.asoundrc"
 #define RUN_HOSTNAME_FILE               RUN_MNT_DIR "/hostname"
 #define RUN_HOSTS_FILE                  RUN_MNT_DIR "/hosts"