author | netblue30 <netblue30@yahoo.com> | 2016-09-26 12:27:27 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-09-26 12:27:27 -0400 |
commit | cf1e38c210b12a504bebf4b63b2a0abfd7d023e0 (patch) | |
tree | c6a3fc412a31a0ad30a13de7ed51c34309411633 /src | |
parent | allusers support in profile files (diff) | |
CVE-2016-7545
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/main.c | 3 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 7 |
2 files changed, 10 insertions, 0 deletions
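--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -35,6 +35,8 @@
 #include <signal.h>
 #include <time.h>
 #include <net/if.h>
+#include <sys/ioctl.h>
+#include <termios.h>
 
 #if 0
 #include <sys/times.h>
@@ -141,6 +143,7 @@ static void myexit(int rv) {
 EUID_ROOT();
 clear_run_files(sandbox_pid);
 appimage_clear();
+ioctl(0, TCFLSH, TCIFLUSH);
 
 exit(rv);
 }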
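Review bot: The flush added in myexit(), `ioctl(0, TCFLSH, TCIFLUSH);`, only reaches the terminal when fd 0 is that terminal, and its return value is ignored. When stdin is redirected or closed the call fails (ENOTTY or EBADF), and input queued on the controlling terminal would then appear to be left for whatever reads it after firejail exits. The same call is repeated in sandbox_handler() and sandbox() in src/firejail/sandbox.c. Consider flushing a descriptor opened on the controlling terminal (`/dev/tty`) and using the POSIX wrapper that the newly included `<termios.h>` declares, `tcflush(fd, TCIFLUSH)`. A comment such as `// discard tty input queued by the sandboxed program (CVE-2016-7545)` would also help, since the call's purpose is not obvious at the call site.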
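--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -28,6 +28,8 @@
 #include <sys/types.h>
 #include <dirent.h>
 #include <errno.h>
+#include <sys/ioctl.h>
+#include <termios.h>
 
 #include <sched.h>
 #ifndef CLONE_NEWUSER
@@ -80,8 +82,10 @@ static void sandbox_handler(int sig){
 
 }
 
+
 // broadcast a SIGKILL
 kill(-1, SIGKILL);
+ioctl(0, TCFLSH, TCIFLUSH);
 exit(sig);
 }
 
@@ -290,6 +294,8 @@ void start_audit(void) {
 }
 
 void start_application(void) {
+//if (setsid() == -1)
+//errExit("setsid");
 //****************************************
 // audit
 //****************************************
@@ -890,6 +896,7 @@ int sandbox(void* sandbox_arg) {
 }
 
 int status = monitor_application(app_pid); // monitor application
+ioctl(0, TCFLSH, TCIFLUSH);
 
 if (WIFEXITED(status)) {
 // if we had a proper exit, return that exit status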
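Review bot: The two lines added at the top of start_application(), `//if (setsid() == -1)` and `//errExit("setsid");`, are commented-out code with no explanation. Detaching the application from the controlling terminal would prevent terminal input injection up front, whereas the TCFLSH calls in this commit only discard queued input afterwards, so a reader cannot tell whether setsid() was tried and rejected or is still planned. Either remove the lines or replace them with a comment giving the reason, for example `// setsid() not used here: <reason>; tty input is flushed on exit instead`. In sandbox_handler() the flush also runs directly after `kill(-1, SIGKILL)` without waiting for the signalled processes to exit, which may leave a short window after the flush. The bodies of start_application() and sandbox_handler() extend outside their hunks.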