author | netblue30 <netblue30@yahoo.com> | 2019-06-04 13:12:14 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2019-06-04 13:12:14 -0400 |
commit | c8588f3953bc5be16b24c17197303487e130c8d6 (patch) | |
tree | 87396cd20bdedb797bc2a6594073902b4e734a0c /src | |
parent | merge: mount runtime seccomp files read-only (diff) | |
merge: shutdown option: give sandbox time to terminate;shutdown option: paranoid sleep - fix for CVE-2019-12499
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/shutdown.c | 10 |
1 files changed, 4 insertions, 6 deletions
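--- a/src/firejail/shutdown.c
+++ b/src/firejail/shutdown.c
@@ -62,15 +62,16 @@ void shut(pid_t pid) {
 printf("Sending SIGTERM to %u\n", pid);
 kill(pid, SIGTERM);
 
-// wait for not more than 10 seconds
-sleep(2);
-int monsec = 8;
+// wait for not more than 11 seconds
+int monsec = 11;
 char *monfile;
 if (asprintf(&monfile, "/proc/%d/cmdline", pid) == -1)
 errExit("asprintf");
 int killdone = 0;
 
 while (monsec) {
+sleep(1);
+monsec--;
 FILE *fp = fopen(monfile, "r");
 if (!fp) {
 killdone = 1;
@@ -85,9 +86,6 @@ void shut(pid_t pid) {
 killdone = 1;
 break;
 }
-
-sleep(1);
-monsec--;
 }
 free(monfile);
 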
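Review bot: The reordering inside `while (monsec)` is the substance of this fix, but the only comment left is `// wait for not more than 11 seconds`, which does not say why `sleep(1)` must now run before the first `fopen(monfile, "r")` check. I would add a comment above the loop such as `// sleep before every /proc check so the sandbox has time to act on SIGTERM; keep the sleep ahead of the check (CVE-2019-12499)`, so a later cleanup does not move it back. Separately, `sleep(1)` returns early when a handled signal arrives, so 11 is a count of iterations rather than a guaranteed minimum wait. If the grace period matters for the fix, checking the return value (`unsigned left = 1; while ((left = sleep(left)) > 0) ;`) would make it hold. shut() starts before and continues after the lines shown, so the code that acts on `killdone` is not visible here.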