-rw-r--r-- | src/firejail/network_main.c | 10 | ||||
-rw-r--r-- | src/lib/pid.c | 2 |
2 files changed, 11 insertions, 1 deletions
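--- a/src/firejail/network_main.c
+++ b/src/firejail/network_main.c
@@ -283,6 +283,16 @@ void net_dns_print(pid_t pid) {
 free(comm);
 }
 
+// check privileges for non-root users
+uid_t uid = getuid();
+if (uid != 0) {
+uid_t sandbox_uid = pid_get_uid(pid);
+if (uid != sandbox_uid) {
+fprintf(stderr, "Error: permission denied.\n");
+exit(1);
+}
+}
+
 EUID_ROOT();
 if (join_namespace(pid, "mnt"))
 exit(1);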
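Review bot: The ownership check added before `EUID_ROOT()` depends on what `pid_get_uid()` returns when it cannot read the target's status file, and that contract is not visible in this hunk. If a failed lookup yields 0, a non-root caller is still refused (fails closed), but that is worth stating next to the comparison, e.g. `// pid_get_uid() failure must never equal a non-root caller's uid`. The uid is also read for `pid` some time before `join_namespace(pid, "mnt")` resolves the same pid again, so the check and the join could in principle refer to different processes if the pid is recycled in between; holding a reference to the process across both steps would close that window. The body of net_dns_print starts and ends outside the hunk.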
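--- a/src/lib/pid.c
+++ b/src/lib/pid.c
@@ -149,7 +149,7 @@ uid_t pid_get_uid(pid_t pid) {
 char buf[PIDS_BUFLEN];
 while (fgets(buf, PIDS_BUFLEN - 1, fp)) {
 if (strncmp(buf, "Uid:", 4) == 0) {
-char *ptr = buf + 5;
+char *ptr = buf + 4;
 while (*ptr != '\0' && (*ptr == ' ' || *ptr == '\t')) {
 ptr++;
 }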
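Review bot: The offset in `char *ptr = buf + 4;` repeats the length already passed to `strncmp(buf, "Uid:", 4)` as a bare number, and nothing explains why the pointer now stops right after the tag. A short comment such as `// start right after "Uid:"; the loop below skips the separator` would keep the two values from drifting apart again. Since this value now feeds the permission check in network_main.c, the conversion that follows the loop (outside this hunk) should presumably treat an empty or non-numeric field as an error rather than as a uid. pid_get_uid's body starts and ends outside the hunk.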