-rw-r--r-- | src/firejail/join.c | 2 | ||||
-rw-r--r-- | src/firejail/shutdown.c | 2 | ||||
-rw-r--r-- | src/firejail/util.c | 5 | ||||
-rwxr-xr-x | test/pid.exp | 5 |
4 files changed, 11 insertions, 3 deletions
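--- a/src/firejail/join.c
+++ b/src/firejail/join.c
@@ -201,7 +201,9 @@ void join(pid_t pid, int argc, char **argv, int index) {
 extract_command(argc, argv, index);
 
 // if the pid is that of a firejail process, use the pid of the first child process
+EUID_ROOT();
 char *comm = pid_proc_comm(pid);
+EUID_USER();
 if (comm) {
 if (strcmp(comm, "firejail") == 0) {
 pid_t child;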
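Review bot: `pid_proc_comm(pid)` now runs with root effective uid on the `pid` that `join()` receives as a parameter, and nothing in this hunk shows a check that the caller owns that process before the elevated lookup; the same two lines are added around the same call in `shut()` in src/firejail/shutdown.c. Keeping the elevation to this single call is the right shape, but neither site says why root is needed, unlike the `// grsecurity fix` markers used in util.c. I would add a comment such as `// grsecurity fix: this lookup needs root; drop back to the user immediately afterwards` at both sites. It is also worth confirming that the ownership check on the target pid still runs before anything acts on the result. `join()` starts and continues outside the hunk, so that check may exist out of view.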
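--- a/src/firejail/shutdown.c
+++ b/src/firejail/shutdown.c
@@ -44,7 +44,9 @@ void shut(pid_t pid) {
 
 pid_t parent = pid;
 // if the pid is that of a firejail process, use the pid of a child process inside the sandbox
+EUID_ROOT();
 char *comm = pid_proc_comm(pid);
+EUID_USER();
 if (comm) {
 if (strcmp(comm, "firejail") == 0) {
 pid_t child;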
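--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -346,6 +346,7 @@ int find_child(pid_t parent, pid_t *child) {
 *child = 0; // use it to flag a found child
 
 DIR *dir;
+EUID_ROOT(); // grsecurity fix
 if (!(dir = opendir("/proc"))) {
 // sleep 2 seconds and try again
 sleep(2);
@@ -397,7 +398,7 @@ int find_child(pid_t parent, pid_t *child) {
 free(file);
 }
 closedir(dir);
-
+EUID_USER();
 return (*child)? 0:1; // 0 = found, 1 = not found
 }
 
@@ -576,6 +577,7 @@ uid_t pid_get_uid(pid_t pid) {
 perror("asprintf");
 exit(1);
 }
+EUID_ROOT(); // grsecurity fix
 FILE *fp = fopen(file, "r");
 if (!fp) {
 free(file);
@@ -602,6 +604,7 @@ uid_t pid_get_uid(pid_t pid) {
 
 fclose(fp);
 free(file);
+EUID_USER(); // grsecurity fix
 
 if (rv == 0) {
 fprintf(stderr, "Error: cannot read /proc file\n");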
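Review bot: In `pid_get_uid()` the `if (!fp) { free(file);` failure branch now executes after `EUID_ROOT()`, while the matching `EUID_USER()` is only reached on the success path after `fclose(fp)`. The rest of that branch is outside the hunk; if it returns rather than exits, the caller continues with root effective uid, so I would make `EUID_USER();` the first statement inside the branch. In `find_child()` the elevated window runs from `opendir("/proc")` until after `closedir(dir)`, covering the `sleep(2)` retry and the per-entry processing that is not shown, so any early return in that stretch has the same problem. Both helpers also end by switching to the user unconditionally, which changes the privilege state of a caller that was already elevated; that contract deserves a sentence in each function's header comment.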
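--- a/test/pid.exp
+++ b/test/pid.exp
@@ -37,7 +37,8 @@ sleep 1
 send -- "ps aux |wc -l; pwd\r"
 expect {
 timeout {puts "TESTING ERROR 5\n";exit}
-"6"
+"6" {puts "normal system\n'}
+"5" {puts "grsecurity\n"}
 }
 expect {
 timeout {puts "TESTING ERROR 6\n";exit}
@@ -45,4 +46,4 @@ expect {
 }
 sleep 1
 
-puts "\n"
+puts "\nall done\n"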
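Review bot: The new action on the `"6"` branch opens its string with a double quote and closes it with a single quote, `{puts "normal system\n'}`, so the script is likely to stop with an unterminated-quote error when that branch is evaluated, which is the non-grsecurity case. It should read `"6" {puts "normal system\n"}`. Separately, the bare `"6"` and `"5"` patterns match any output that contains those digits, so the check meant to tell the two kernels apart can succeed on an unrelated process count. Anchoring the pattern to the whole `wc -l` output line would make the result meaningful.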