diff options
-rw-r--r-- | RELNOTES | 1 | ||||
-rw-r--r-- | src/firejail/bandwidth.c | 9 |
2 files changed, 2 insertions, 8 deletions
@@ -1,5 +1,6 @@ | |||
1 | firejail (0.9.45) baseline; urgency=low | 1 | firejail (0.9.45) baseline; urgency=low |
2 | * development version, work in progress | 2 | * development version, work in progress |
3 | * security: --bandwidth root shel found by Martin Carpenter | ||
3 | * security: disabled --allow-debuggers when running on kernel | 4 | * security: disabled --allow-debuggers when running on kernel |
4 | versions prior to 4.8; a kernel bug in ptrace system call | 5 | versions prior to 4.8; a kernel bug in ptrace system call |
5 | allows a full bypass of seccomp filter; problem reported by Lizzie Dixon | 6 | allows a full bypass of seccomp filter; problem reported by Lizzie Dixon |
diff --git a/src/firejail/bandwidth.c b/src/firejail/bandwidth.c index 5e9002f22..84c9dc53a 100644 --- a/src/firejail/bandwidth.c +++ b/src/firejail/bandwidth.c | |||
@@ -435,15 +435,8 @@ void bandwidth_pid(pid_t pid, const char *command, const char *dev, int down, in | |||
435 | if (setregid(0, 0)) | 435 | if (setregid(0, 0)) |
436 | errExit("setregid"); | 436 | errExit("setregid"); |
437 | 437 | ||
438 | if (!cfg.shell) | ||
439 | cfg.shell = guess_shell(); | ||
440 | if (!cfg.shell) { | ||
441 | fprintf(stderr, "Error: no POSIX shell found, please use --shell command line option\n"); | ||
442 | exit(1); | ||
443 | } | ||
444 | |||
445 | char *arg[4]; | 438 | char *arg[4]; |
446 | arg[0] = cfg.shell; | 439 | arg[0] = "/bin/sh"; |
447 | arg[1] = "-c"; | 440 | arg[1] = "-c"; |
448 | arg[2] = cmd; | 441 | arg[2] = cmd; |
449 | arg[3] = NULL; | 442 | arg[3] = NULL; |