author | smitsohu <smitsohu@gmail.com> | 2021-01-15 14:31:16 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-15 14:31:16 +0100 |
commit | 1e136df0f0f1c86d0181d796f5719c42164bab1e (patch) | |
tree | 122f4874026666ff7a539cb5e4096223ef799abd /src/lib | |
parent | bug_report.md: improve wording (upstream/duplicates) (diff) | |
parent | fix broken tests and regression on 45304621a6c600d8e30e98bfbef05149caaf56c5 (diff) | |
Merge pull request #3867 from smitsohu/non-dumpable
return to non-dumpable plugins
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/common.c | 34 |
1 files changed, 33 insertions, 1 deletions
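--- a/src/lib/common.c
+++ b/src/lib/common.c
@@ -267,7 +267,6 @@ int pid_proc_cmdline_x11_xpra_xephyr(const pid_t pid) {
 }
 
 // return 1 if /proc is mounted hidepid, or if /proc/mouns access is denied
-#define BUFLEN 4096
 int pid_hidepid(void) {
 FILE *fp = fopen("/proc/mounts", "r");
 if (!fp)
@@ -288,6 +287,39 @@ int pid_hidepid(void) {
 return 0;
 }
 
+// print error if unprivileged users can trace the process
+void warn_dumpable(void) {
+if (getuid() != 0 && prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getenv("FIREJAIL_PLUGIN")) {
+fprintf(stderr, "Error: dumpable process\n");
+
+// best effort to provide detailed debug information
+// cannot use process name, it is just a file descriptor number
+char path[BUFLEN];
+ssize_t len = readlink("/proc/self/exe", path, BUFLEN - 1);
+if (len < 0)
+return;
+path[len] = '\0';
+// path can refer to a sandbox mount namespace, use basename only
+const char *base = gnu_basename(path);
+
+struct stat s;
+if (stat("/proc/self/exe", &s) == 0 && s.st_uid != 0)
+fprintf(stderr, "Change owner of %s executable to root\n", base);
+else if (access("/proc/self/exe", R_OK) == 0)
+fprintf(stderr, "Remove read permission on %s executable\n", base);
+}
+}
+
+// Equivalent to the GNU version of basename, which is incompatible with
+// the POSIX basename. A few lines of code saves any portability pain.
+// https://www.gnu.org/software/libc/manual/html_node/Finding-Tokens-in-a-String.html#index-basename
+const char *gnu_basename(const char *path) {
+const char *last_slash = strrchr(path, '/');
+if (!last_slash)
+return path;
+return last_slash+1;
+}
+
 //**************************
 // time trace based on getticks function
 //**************************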
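Review bot: warn_dumpable() prints `Error: dumpable process` and then returns normally, so a plugin that unprivileged users can still trace keeps running. Nothing in this section exits or clears the dumpable flag, and the callers are not visible here. If the function is meant to be purely diagnostic, its header comment should say so, e.g. `// diagnostic only: reports a dumpable plugin on stderr, does not exit or change the dumpable flag`. The remediation hints are also dropped silently when readlink() fails, and a result of `len == BUFLEN - 1` is accepted as a complete path although it may be truncated; a one-line why-comment on that best-effort behaviour would help. `#define BUFLEN 4096` is removed from this file while `char path[BUFLEN]` still uses it, so the definition presumably moved to a header outside the `src/lib` diffstat.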