-rw-r--r-- | src/faudit/faudit.h | 3 | ||||
-rw-r--r-- | src/faudit/network.c | 1 | ||||
-rw-r--r-- | src/faudit/seccomp.c | 5 | ||||
-rw-r--r-- | src/faudit/syscall.c | 20 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 | ||||
-rw-r--r-- | src/libtracelog/libtracelog.c | 4 |
6 files changed, 19 insertions, 15 deletions
diff --git a/src/faudit/faudit.h b/src/faudit/faudit.h index f54f95f98..3c08a3eab 100644 --- a/src/faudit/faudit.h +++ b/src/faudit/faudit.h | |||
@@ -20,6 +20,7 @@ | |||
20 | 20 | ||
21 | #ifndef FAUDIT_H | 21 | #ifndef FAUDIT_H |
22 | #define FAUDIT_H | 22 | #define FAUDIT_H |
23 | #define _GNU_SOURCE | ||
23 | #include <stdio.h> | 24 | #include <stdio.h> |
24 | #include <stdlib.h> | 25 | #include <stdlib.h> |
25 | #include <stdint.h> | 26 | #include <stdint.h> |
@@ -57,4 +58,4 @@ void network_test(void); | |||
57 | // dbus.c | 58 | // dbus.c |
58 | void dbus_test(void); | 59 | void dbus_test(void); |
59 | 60 | ||
60 | #endif \ No newline at end of file | 61 | #endif |
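Review bot: `#define _GNU_SOURCE` at new line 23 only takes effect in a translation unit where faudit.h is the very first header included, because feature-test macros must be set before any libc header is processed; syscall.c does include it first (visible in this commit), but any faudit source that pulls in a system header ahead of `"faudit.h"` silently gets the non-GNU declarations. It is also unconditional, so a build that already passes `-D_GNU_SOURCE` (which defines it as 1, while this defines it empty) gets a "redefined" warning. I would wrap it as `#ifndef _GNU_SOURCE` / `#define _GNU_SOURCE` / `#endif` and add the comment `// feature-test macro: must precede the first libc include in every TU`.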
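--- a/src/faudit/network.c
+++ b/src/faudit/network.c
@@ -48,7 +48,6 @@ void check_ssh(void) {
 }
 
 void check_netlink(void) {
-socklen_t addr_len;
 int sock = socket(AF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, 0);
 if (sock == -1) {
 printf("GOOD: I cannot connect to netlink socket. Network utilities such as iproute2 will not work in the sandbox.\n");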
diff --git a/src/faudit/seccomp.c b/src/faudit/seccomp.c index 099e0e420..6f5d23c48 100644 --- a/src/faudit/seccomp.c +++ b/src/faudit/seccomp.c | |||
@@ -77,9 +77,6 @@ void seccomp_test(void) { | |||
77 | printf("init_module... "); fflush(0); | 77 | printf("init_module... "); fflush(0); |
78 | syscall_run("init_module"); | 78 | syscall_run("init_module"); |
79 | 79 | ||
80 | printf("finit_module... "); fflush(0); | ||
81 | syscall_run("finit_module"); | ||
82 | |||
83 | printf("delete_module... "); fflush(0); | 80 | printf("delete_module... "); fflush(0); |
84 | syscall_run("delete_module"); | 81 | syscall_run("delete_module"); |
85 | 82 | ||
@@ -100,4 +97,4 @@ void seccomp_test(void) { | |||
100 | else | 97 | else |
101 | fprintf(stderr, "Error: unrecognized seccomp mode\n"); | 98 | fprintf(stderr, "Error: unrecognized seccomp mode\n"); |
102 | 99 | ||
103 | } \ No newline at end of file | 100 | } |
diff --git a/src/faudit/syscall.c b/src/faudit/syscall.c index 7088ad340..bc28936c9 100644 --- a/src/faudit/syscall.c +++ b/src/faudit/syscall.c | |||
@@ -18,8 +18,20 @@ | |||
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | 18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
19 | */ | 19 | */ |
20 | #include "faudit.h" | 20 | #include "faudit.h" |
21 | #include <sys/ptrace.h> | ||
22 | #include <sys/swap.h> | ||
23 | #include <sys/io.h> | ||
24 | #include <sys/wait.h> | ||
25 | extern int init_module(void *module_image, unsigned long len, | ||
26 | const char *param_values); | ||
27 | extern int finit_module(int fd, const char *param_values, | ||
28 | int flags); | ||
29 | extern int delete_module(const char *name, int flags); | ||
30 | extern int pivot_root(const char *new_root, const char *put_old); | ||
21 | 31 | ||
22 | void syscall_helper(int argc, char **argv) { | 32 | void syscall_helper(int argc, char **argv) { |
33 | (void) argc; | ||
34 | |||
23 | if (strcmp(argv[2], "mount") == 0) { | 35 | if (strcmp(argv[2], "mount") == 0) { |
24 | mount(NULL, NULL, NULL, 0, NULL); | 36 | mount(NULL, NULL, NULL, 0, NULL); |
25 | printf("\nUGLY: mount syscall permitted.\n"); | 37 | printf("\nUGLY: mount syscall permitted.\n"); |
@@ -44,16 +56,12 @@ void syscall_helper(int argc, char **argv) { | |||
44 | init_module(NULL, 0, NULL); | 56 | init_module(NULL, 0, NULL); |
45 | printf("\nUGLY: init_module syscall permitted.\n"); | 57 | printf("\nUGLY: init_module syscall permitted.\n"); |
46 | } | 58 | } |
47 | else if (strcmp(argv[2], "finit_module") == 0) { | ||
48 | swapoff(0, NULL, 0); | ||
49 | printf("\nUGLY: finit_module syscall permitted.\n"); | ||
50 | } | ||
51 | else if (strcmp(argv[2], "delete_module") == 0) { | 59 | else if (strcmp(argv[2], "delete_module") == 0) { |
52 | delete_module(NULL, 0); | 60 | delete_module(NULL, 0); |
53 | printf("\nUGLY: delete_module syscall permitted.\n"); | 61 | printf("\nUGLY: delete_module syscall permitted.\n"); |
54 | } | 62 | } |
55 | else if (strcmp(argv[2], "chroot") == 0) { | 63 | else if (strcmp(argv[2], "chroot") == 0) { |
56 | int rv = chroot(NULL); | 64 | int rv = chroot("/blablabla-57281292"); |
57 | (void) rv; | 65 | (void) rv; |
58 | printf("\nUGLY: chroot syscall permitted.\n"); | 66 | printf("\nUGLY: chroot syscall permitted.\n"); |
59 | } | 67 | } |
@@ -85,4 +93,4 @@ void syscall_run(const char *name) { | |||
85 | 93 | ||
86 | // wait for the child to finish | 94 | // wait for the child to finish |
87 | waitpid(child, NULL, 0); | 95 | waitpid(child, NULL, 0); |
88 | } \ No newline at end of file | 96 | } |
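Review bot: The `extern int finit_module(int fd, const char *param_values, int flags);` declaration added at new lines 27-28 has no caller left, because the second hunk deletes the `finit_module` branch of syscall_helper (and seccomp.c drops the matching `syscall_run("finit_module")`), so the audit quietly loses that probe instead of fixing the old branch, which called `swapoff` under the finit_module name. As far as I know glibc exports `init_module`, `delete_module` and `pivot_root` as undeclared symbols but has no `finit_module` wrapper, so that declaration would only surface as a link failure once something uses it; either drop it, or restore the probe via `syscall(SYS_finit_module, -1, NULL, 0)` with `<sys/syscall.h>` included, which needs no wrapper at all. Separately, `(void) argc;` at new line 33 discards the only bound on `argv[2]`, which the function indexes unconditionally two lines later; a guard such as `if (argc < 3) return;` would make the helper safe to call outside syscall_run. The body of syscall_helper continues beyond the hunks shown.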
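--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -125,7 +125,6 @@ pix
 xreader
 
 # other
-snap
 ssh
 atom-beta
 atom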
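--- a/src/libtracelog/libtracelog.c
+++ b/src/libtracelog/libtracelog.c
@@ -92,7 +92,7 @@ static void storage_add(const char *str) {
 }
 
 // global variable to keep current working directory
-char* cwd = NULL;
+static char* cwd = NULL;
 
 static char *storage_find(const char *str) {
 #ifdef DEBUG
@@ -108,7 +108,7 @@ static char *storage_find(const char *str) {
 int allocated = 0;
 
 if (strstr(str, "..") || strstr(str, "/./") || strstr(str, "//") || str[0] != '/') {
-if (cwd != NULL & str[0] != '/') {
+if (cwd != NULL && str[0] != '/') {
 char *fullpath=malloc(PATH_MAX);
 if (!fullpath) {
 fprintf(stderr, "Error: cannot allocate memory\n");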
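Review bot: `static char* cwd = NULL;` at line 95 glues the `*` to the type, while the surrounding code (`static char *storage_find`, `char *fullpath`) binds it to the name; `static char *cwd = NULL;` keeps the file consistent. Now that cwd is file-private, the comment above it would be more useful if it named the function that assigns it, which is not visible in this hunk. The `&` → `&&` change at line 111 is correct: `!=` binds tighter than `&`, so the old form already yielded the right 0/1 value, but the short-circuit form is what a reader expects and what the preceding `||` chain uses. storage_find continues past the hunk.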