author | netblue30 <netblue30@yahoo.com> | 2016-04-04 21:14:15 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-04-04 21:14:15 -0400 |
commit | cb5a3046fc3f8d498af7bf1e6bc9e7c90e16a828 (patch) | |
tree | cf30efeb97177c84e5e7af036ea03b2cc486b7f4 /src | |
parent | grsecurity: testing (diff) | |
grsecurity: --join, --shutdown
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/join.c | 2 | ||||
-rw-r--r-- | src/firejail/shutdown.c | 2 | ||||
-rw-r--r-- | src/firejail/util.c | 5 |
3 files changed, 8 insertions, 1 deletions
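--- a/src/firejail/join.c
+++ b/src/firejail/join.c
@@ -201,7 +201,9 @@ void join(pid_t pid, int argc, char **argv, int index) {
 extract_command(argc, argv, index);
 
 // if the pid is that of a firejail process, use the pid of the first child process
+EUID_ROOT();
 char *comm = pid_proc_comm(pid);
+EUID_USER();
 if (comm) {
 if (strcmp(comm, "firejail") == 0) {
 pid_t child;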
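Review bot: The `EUID_ROOT();` / `EUID_USER();` pair around `pid_proc_comm(pid)` has no comment explaining why a plain /proc read is done as root, while the matching changes in util.c are tagged `// grsecurity fix`; the identical pair in `shut()` in shutdown.c has the same gap. I would add `// grsecurity fix: /proc/PID may not be readable with the user's euid` above `EUID_ROOT();` in both places. The comment should also record that `pid` is supplied by the caller and that `comm` is a name the target process can set for itself, so the privileged read and the `strcmp(comm, "firejail")` result are a lookup hint, not an ownership check. Whether the uid check on the target runs before this point cannot be seen here, since `join()` starts and ends outside the hunk.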
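--- a/src/firejail/shutdown.c
+++ b/src/firejail/shutdown.c
@@ -44,7 +44,9 @@ void shut(pid_t pid) {
 
 pid_t parent = pid;
 // if the pid is that of a firejail process, use the pid of a child process inside the sandbox
+EUID_ROOT();
 char *comm = pid_proc_comm(pid);
+EUID_USER();
 if (comm) {
 if (strcmp(comm, "firejail") == 0) {
 pid_t child;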
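--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -346,6 +346,7 @@ int find_child(pid_t parent, pid_t *child) {
 *child = 0; // use it to flag a found child
 
 DIR *dir;
+EUID_ROOT(); // grsecurity fix
 if (!(dir = opendir("/proc"))) {
 // sleep 2 seconds and try again
 sleep(2);
@@ -397,7 +398,7 @@ int find_child(pid_t parent, pid_t *child) {
 free(file);
 }
 closedir(dir);
-
+EUID_USER();
 return (*child)? 0:1; // 0 = found, 1 = not found
 }
 
@@ -576,6 +577,7 @@ uid_t pid_get_uid(pid_t pid) {
 perror("asprintf");
 exit(1);
 }
+EUID_ROOT(); // grsecurity fix
 FILE *fp = fopen(file, "r");
 if (!fp) {
 free(file);
@@ -602,6 +604,7 @@ uid_t pid_get_uid(pid_t pid) {
 
 fclose(fp);
 free(file);
+EUID_USER(); // grsecurity fix
 
 if (rv == 0) {
 fprintf(stderr, "Error: cannot read /proc file\n");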
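Review bot: In `pid_get_uid` the effective uid stays root from before `fopen(file, "r")` until after `fclose(fp)`, so all parsing of the status file runs privileged although only the open should need it. Moving `EUID_USER(); // grsecurity fix` to the line right after the `fopen` call would shrink the window to one call, assuming reads on the already-open stream are not re-checked. The `if (!fp)` branch continues outside the hunk; if it returns instead of exiting, it returns with euid still root, so it needs its own `EUID_USER();` before leaving. The same question applies to `find_child`, where the only visible drop is the `EUID_USER();` after `closedir(dir)`: any early return in the loop between the two hunks (not visible here) would skip it. That loop may need root for its per-pid opens, so a comment on `EUID_ROOT()` stating that the elevated region covers the whole scan would help.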