diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-07-10 12:24:34 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-07-10 12:24:34 -0400 |
| commit | be8e844ec731a7885bbee37a2f977ed4dae2a3c7 (patch) | |
| tree | e55b581d5e4e8325ee7dd7751b99b4c11813c0bc /src | |
| parent | --noexec (diff) | |
| download | firejail-be8e844ec731a7885bbee37a2f977ed4dae2a3c7.tar.gz firejail-be8e844ec731a7885bbee37a2f977ed4dae2a3c7.tar.zst firejail-be8e844ec731a7885bbee37a2f977ed4dae2a3c7.zip | |
compile fixes
Diffstat (limited to 'src')
| -rw-r--r-- | src/faudit/faudit.h | 3 | ||||
| -rw-r--r-- | src/faudit/network.c | 1 | ||||
| -rw-r--r-- | src/faudit/seccomp.c | 5 | ||||
| -rw-r--r-- | src/faudit/syscall.c | 20 | ||||
| -rw-r--r-- | src/libtracelog/libtracelog.c | 4 |
5 files changed, 19 insertions, 14 deletions
diff --git a/src/faudit/faudit.h b/src/faudit/faudit.h index f54f95f98..3c08a3eab 100644 --- a/src/faudit/faudit.h +++ b/src/faudit/faudit.h | |||
| @@ -20,6 +20,7 @@ | |||
| 20 | 20 | ||
| 21 | #ifndef FAUDIT_H | 21 | #ifndef FAUDIT_H |
| 22 | #define FAUDIT_H | 22 | #define FAUDIT_H |
| 23 | #define _GNU_SOURCE | ||
| 23 | #include <stdio.h> | 24 | #include <stdio.h> |
| 24 | #include <stdlib.h> | 25 | #include <stdlib.h> |
| 25 | #include <stdint.h> | 26 | #include <stdint.h> |
| @@ -57,4 +58,4 @@ void network_test(void); | |||
| 57 | // dbus.c | 58 | // dbus.c |
| 58 | void dbus_test(void); | 59 | void dbus_test(void); |
| 59 | 60 | ||
| 60 | #endif \ No newline at end of file | 61 | #endif |
diff --git a/src/faudit/network.c b/src/faudit/network.c index 39821cd25..0e0ad1844 100644 --- a/src/faudit/network.c +++ b/src/faudit/network.c | |||
| @@ -48,7 +48,6 @@ void check_ssh(void) { | |||
| 48 | } | 48 | } |
| 49 | 49 | ||
| 50 | void check_netlink(void) { | 50 | void check_netlink(void) { |
| 51 | socklen_t addr_len; | ||
| 52 | int sock = socket(AF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, 0); | 51 | int sock = socket(AF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, 0); |
| 53 | if (sock == -1) { | 52 | if (sock == -1) { |
| 54 | printf("GOOD: I cannot connect to netlink socket. Network utilities such as iproute2 will not work in the sandbox.\n"); | 53 | printf("GOOD: I cannot connect to netlink socket. Network utilities such as iproute2 will not work in the sandbox.\n"); |
diff --git a/src/faudit/seccomp.c b/src/faudit/seccomp.c index 099e0e420..6f5d23c48 100644 --- a/src/faudit/seccomp.c +++ b/src/faudit/seccomp.c | |||
| @@ -77,9 +77,6 @@ void seccomp_test(void) { | |||
| 77 | printf("init_module... "); fflush(0); | 77 | printf("init_module... "); fflush(0); |
| 78 | syscall_run("init_module"); | 78 | syscall_run("init_module"); |
| 79 | 79 | ||
| 80 | printf("finit_module... "); fflush(0); | ||
| 81 | syscall_run("finit_module"); | ||
| 82 | |||
| 83 | printf("delete_module... "); fflush(0); | 80 | printf("delete_module... "); fflush(0); |
| 84 | syscall_run("delete_module"); | 81 | syscall_run("delete_module"); |
| 85 | 82 | ||
| @@ -100,4 +97,4 @@ void seccomp_test(void) { | |||
| 100 | else | 97 | else |
| 101 | fprintf(stderr, "Error: unrecognized seccomp mode\n"); | 98 | fprintf(stderr, "Error: unrecognized seccomp mode\n"); |
| 102 | 99 | ||
| 103 | } \ No newline at end of file | 100 | } |
diff --git a/src/faudit/syscall.c b/src/faudit/syscall.c index 7088ad340..bc28936c9 100644 --- a/src/faudit/syscall.c +++ b/src/faudit/syscall.c | |||
| @@ -18,8 +18,20 @@ | |||
| 18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | 18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
| 19 | */ | 19 | */ |
| 20 | #include "faudit.h" | 20 | #include "faudit.h" |
| 21 | #include <sys/ptrace.h> | ||
| 22 | #include <sys/swap.h> | ||
| 23 | #include <sys/io.h> | ||
| 24 | #include <sys/wait.h> | ||
| 25 | extern int init_module(void *module_image, unsigned long len, | ||
| 26 | const char *param_values); | ||
| 27 | extern int finit_module(int fd, const char *param_values, | ||
| 28 | int flags); | ||
| 29 | extern int delete_module(const char *name, int flags); | ||
| 30 | extern int pivot_root(const char *new_root, const char *put_old); | ||
| 21 | 31 | ||
| 22 | void syscall_helper(int argc, char **argv) { | 32 | void syscall_helper(int argc, char **argv) { |
| 33 | (void) argc; | ||
| 34 | |||
| 23 | if (strcmp(argv[2], "mount") == 0) { | 35 | if (strcmp(argv[2], "mount") == 0) { |
| 24 | mount(NULL, NULL, NULL, 0, NULL); | 36 | mount(NULL, NULL, NULL, 0, NULL); |
| 25 | printf("\nUGLY: mount syscall permitted.\n"); | 37 | printf("\nUGLY: mount syscall permitted.\n"); |
| @@ -44,16 +56,12 @@ void syscall_helper(int argc, char **argv) { | |||
| 44 | init_module(NULL, 0, NULL); | 56 | init_module(NULL, 0, NULL); |
| 45 | printf("\nUGLY: init_module syscall permitted.\n"); | 57 | printf("\nUGLY: init_module syscall permitted.\n"); |
| 46 | } | 58 | } |
| 47 | else if (strcmp(argv[2], "finit_module") == 0) { | ||
| 48 | swapoff(0, NULL, 0); | ||
| 49 | printf("\nUGLY: finit_module syscall permitted.\n"); | ||
| 50 | } | ||
| 51 | else if (strcmp(argv[2], "delete_module") == 0) { | 59 | else if (strcmp(argv[2], "delete_module") == 0) { |
| 52 | delete_module(NULL, 0); | 60 | delete_module(NULL, 0); |
| 53 | printf("\nUGLY: delete_module syscall permitted.\n"); | 61 | printf("\nUGLY: delete_module syscall permitted.\n"); |
| 54 | } | 62 | } |
| 55 | else if (strcmp(argv[2], "chroot") == 0) { | 63 | else if (strcmp(argv[2], "chroot") == 0) { |
| 56 | int rv = chroot(NULL); | 64 | int rv = chroot("/blablabla-57281292"); |
| 57 | (void) rv; | 65 | (void) rv; |
| 58 | printf("\nUGLY: chroot syscall permitted.\n"); | 66 | printf("\nUGLY: chroot syscall permitted.\n"); |
| 59 | } | 67 | } |
| @@ -85,4 +93,4 @@ void syscall_run(const char *name) { | |||
| 85 | 93 | ||
| 86 | // wait for the child to finish | 94 | // wait for the child to finish |
| 87 | waitpid(child, NULL, 0); | 95 | waitpid(child, NULL, 0); |
| 88 | } \ No newline at end of file | 96 | } |
diff --git a/src/libtracelog/libtracelog.c b/src/libtracelog/libtracelog.c index 0a6d8299f..3e65587c4 100644 --- a/src/libtracelog/libtracelog.c +++ b/src/libtracelog/libtracelog.c | |||
| @@ -92,7 +92,7 @@ static void storage_add(const char *str) { | |||
| 92 | } | 92 | } |
| 93 | 93 | ||
| 94 | // global variable to keep current working directory | 94 | // global variable to keep current working directory |
| 95 | char* cwd = NULL; | 95 | static char* cwd = NULL; |
| 96 | 96 | ||
| 97 | static char *storage_find(const char *str) { | 97 | static char *storage_find(const char *str) { |
| 98 | #ifdef DEBUG | 98 | #ifdef DEBUG |
| @@ -108,7 +108,7 @@ static char *storage_find(const char *str) { | |||
| 108 | int allocated = 0; | 108 | int allocated = 0; |
| 109 | 109 | ||
| 110 | if (strstr(str, "..") || strstr(str, "/./") || strstr(str, "//") || str[0] != '/') { | 110 | if (strstr(str, "..") || strstr(str, "/./") || strstr(str, "//") || str[0] != '/') { |
| 111 | if (cwd != NULL & str[0] != '/') { | 111 | if (cwd != NULL && str[0] != '/') { |
| 112 | char *fullpath=malloc(PATH_MAX); | 112 | char *fullpath=malloc(PATH_MAX); |
| 113 | if (!fullpath) { | 113 | if (!fullpath) { |
| 114 | fprintf(stderr, "Error: cannot allocate memory\n"); | 114 | fprintf(stderr, "Error: cannot allocate memory\n"); |