diff options
| -rw-r--r-- | src/firejail/network_main.c | 10 | ||||
| -rw-r--r-- | src/lib/pid.c | 2 |
2 files changed, 11 insertions, 1 deletions
diff --git a/src/firejail/network_main.c b/src/firejail/network_main.c index e30d07229..1a40e8a0f 100644 --- a/src/firejail/network_main.c +++ b/src/firejail/network_main.c | |||
| @@ -283,6 +283,16 @@ void net_dns_print(pid_t pid) { | |||
| 283 | free(comm); | 283 | free(comm); |
| 284 | } | 284 | } |
| 285 | 285 | ||
| 286 | // check privileges for non-root users | ||
| 287 | uid_t uid = getuid(); | ||
| 288 | if (uid != 0) { | ||
| 289 | uid_t sandbox_uid = pid_get_uid(pid); | ||
| 290 | if (uid != sandbox_uid) { | ||
| 291 | fprintf(stderr, "Error: permission denied.\n"); | ||
| 292 | exit(1); | ||
| 293 | } | ||
| 294 | } | ||
| 295 | |||
| 286 | EUID_ROOT(); | 296 | EUID_ROOT(); |
| 287 | if (join_namespace(pid, "mnt")) | 297 | if (join_namespace(pid, "mnt")) |
| 288 | exit(1); | 298 | exit(1); |
diff --git a/src/lib/pid.c b/src/lib/pid.c index b73a57409..75576c787 100644 --- a/src/lib/pid.c +++ b/src/lib/pid.c | |||
| @@ -149,7 +149,7 @@ uid_t pid_get_uid(pid_t pid) { | |||
| 149 | char buf[PIDS_BUFLEN]; | 149 | char buf[PIDS_BUFLEN]; |
| 150 | while (fgets(buf, PIDS_BUFLEN - 1, fp)) { | 150 | while (fgets(buf, PIDS_BUFLEN - 1, fp)) { |
| 151 | if (strncmp(buf, "Uid:", 4) == 0) { | 151 | if (strncmp(buf, "Uid:", 4) == 0) { |
| 152 | char *ptr = buf + 5; | 152 | char *ptr = buf + 4; |
| 153 | while (*ptr != '\0' && (*ptr == ' ' || *ptr == '\t')) { | 153 | while (*ptr != '\0' && (*ptr == ' ' || *ptr == '\t')) { |
| 154 | ptr++; | 154 | ptr++; |
| 155 | } | 155 | } |