diff options
| author |  smitsohu <smitsohu@gmail.com> | 2021-01-04 18:48:35 +0100 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2021-01-04 19:02:41 +0100 |
| commit | 18e806cf6033697cefca58a2be55377c8d92dbd4 (patch) | |
| tree | 9eb7191f9534affa7586ce598ab54c4630f011fb /src/lib/common.c | |
| parent | fix #3859 (#3863) (diff) | |
| download | firejail-18e806cf6033697cefca58a2be55377c8d92dbd4.tar.gz firejail-18e806cf6033697cefca58a2be55377c8d92dbd4.tar.zst firejail-18e806cf6033697cefca58a2be55377c8d92dbd4.zip | |
non-dumpable plugins
(hopefully) fixes the issues that led to reverting
commits 6abb65d328af61d67361890743190bd4c57f8e3c and 98e42dc6da4e4b1e47ed2aa020012d4dedc1e80e
Diffstat (limited to 'src/lib/common.c')
| -rw-r--r-- | src/lib/common.c | 34 |
1 files changed, 33 insertions, 1 deletions
diff --git a/src/lib/common.c b/src/lib/common.c index 823442835..ace5cb87e 100644 --- a/src/lib/common.c +++ b/src/lib/common.c | |||
| @@ -267,7 +267,6 @@ int pid_proc_cmdline_x11_xpra_xephyr(const pid_t pid) { | |||
| 267 | } | 267 | } |
| 268 | 268 | ||
| 269 | // return 1 if /proc is mounted hidepid, or if /proc/mouns access is denied | 269 | // return 1 if /proc is mounted hidepid, or if /proc/mouns access is denied |
| 270 | #define BUFLEN 4096 | ||
| 271 | int pid_hidepid(void) { | 270 | int pid_hidepid(void) { |
| 272 | FILE *fp = fopen("/proc/mounts", "r"); | 271 | FILE *fp = fopen("/proc/mounts", "r"); |
| 273 | if (!fp) | 272 | if (!fp) |
| @@ -288,6 +287,39 @@ int pid_hidepid(void) { | |||
| 288 | return 0; | 287 | return 0; |
| 289 | } | 288 | } |
| 290 | 289 | ||
| 290 | // print error if unprivileged users can trace the process | ||
| 291 | void warn_dumpable(void) { | ||
| 292 | if (getuid() != 0 && prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getenv("FIREJAIL_PLUGIN")) { | ||
| 293 | fprintf(stderr, "Error: dumpable process\n"); | ||
| 294 | |||
| 295 | // best effort to provide detailed debug information | ||
| 296 | // cannot use process name, it is just a file descriptor number | ||
| 297 | char path[BUFLEN]; | ||
| 298 | ssize_t len = readlink("/proc/self/exe", path, BUFLEN - 1); | ||
| 299 | if (len < 0) | ||
| 300 | return; | ||
| 301 | path[len] = '\0'; | ||
| 302 | // path can refer to a sandbox mount namespace, use basename only | ||
| 303 | const char *base = gnu_basename(path); | ||
| 304 | |||
| 305 | struct stat s; | ||
| 306 | if (stat("/proc/self/exe", &s) == 0 && s.st_uid != 0) | ||
| 307 | fprintf(stderr, "Change owner of %s executable to root\n", base); | ||
| 308 | else if (access("/proc/self/exe", R_OK) == 0) | ||
| 309 | fprintf(stderr, "Remove read permission on %s executable\n", base); | ||
| 310 | } | ||
| 311 | } | ||
| 312 | |||
| 313 | // Equivalent to the GNU version of basename, which is incompatible with | ||
| 314 | // the POSIX basename. A few lines of code saves any portability pain. | ||
| 315 | // https://www.gnu.org/software/libc/manual/html_node/Finding-Tokens-in-a-String.html#index-basename | ||
| 316 | const char *gnu_basename(const char *path) { | ||
| 317 | const char *last_slash = strrchr(path, '/'); | ||
| 318 | if (!last_slash) | ||
| 319 | return path; | ||
| 320 | return last_slash+1; | ||
| 321 | } | ||
| 322 | |||
| 291 | //************************** | 323 | //************************** |
| 292 | // time trace based on getticks function | 324 | // time trace based on getticks function |
| 293 | //************************** | 325 | //************************** |