4 files changed, 88 insertions, 6 deletions
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 7f00fdea5..822c9b09f 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -53,7 +53,7 @@ jobs:
    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@b398f525a5587552e573b247ac661067fafa920b
+      uses: github/codeql-action/init@904260d7d935dff982205cbdb42025ce30b7a34f
      with:
        languages: ${{ matrix.language }}
        # If you wish to specify custom queries, you can do so here or in a config file.
@@ -64,7 +64,7 @@ jobs:
    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
    # If this step fails, then you should remove it and run the build manually (see below)
    - name: Autobuild
-      uses: github/codeql-action/autobuild@b398f525a5587552e573b247ac661067fafa920b
+      uses: github/codeql-action/autobuild@904260d7d935dff982205cbdb42025ce30b7a34f
    # ℹ️ Command-line programs to run using the OS shell.
    # 📚 https://git.io/JvXDl
@@ -78,4 +78,4 @@ jobs:
    #   make release
    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@b398f525a5587552e573b247ac661067fafa920b
+      uses: github/codeql-action/analyze@904260d7d935dff982205cbdb42025ce30b7a34f
diff --git a/src/firejail/join.c b/src/firejail/join.c
index 96d891a49..01fd6c41d 100644
--- a/src/firejail/join.c
+++ b/src/firejail/join.c
@@ -545,7 +545,7 @@ void join(pid_t pid, int argc, char **argv, int index) {
                        dbus_set_system_bus_env();
 #endif
-                start_application(0, shfd, NULL);
+                start_application(arg_join_network || arg_join_filesystem, shfd, NULL);
                __builtin_unreachable();
        }
diff --git a/src/firejail/main.c b/src/firejail/main.c
index c7da3c95c..12c2cf02b 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -824,7 +824,6 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
                        // try to join by name only
                        pid_t pid;
                        if (!read_pid(argv[i] + 16, &pid)) {
                                join(pid, argc, argv, i + 1);
                                exit(0);
                        }
@@ -843,6 +842,10 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
                                exit(1);
                        }
+                        if (argc <= (i+1))
+                                just_run_the_shell = 1;
+                        cfg.original_program_index = i + 1;
                        // join sandbox by pid or by name
                        pid_t pid = require_pid(argv[i] + 15);
                        join(pid, argc, argv, i + 1);
@@ -860,6 +863,10 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
                        exit(1);
                }
+                if (argc <= (i+1))
+                        just_run_the_shell = 1;
+                cfg.original_program_index = i + 1;
                // join sandbox by pid or by name
                pid_t pid = require_pid(argv[i] + 18);
                join(pid, argc, argv, i + 1);
@@ -3220,7 +3227,7 @@ int main(int argc, char **argv, char **envp) {
                                errExit("setresuid");
                        char arg[64];
-                        snprintf(arg, sizeof(arg), "--netlock=%d", getpid());
+                        snprintf(arg, sizeof(arg), "--netlock=%d", sandbox_pid);
                        char *cmd[3];
                        cmd[0] = BINDIR "/firejail";
diff --git a/src/fnettrace/static-ip-map b/src/fnettrace/static-ip-map
index 97bed7a1f..d1ce29dac 100644
--- a/src/fnettrace/static-ip-map
+++ b/src/fnettrace/static-ip-map
@@ -33,6 +33,11 @@
 #
 #
+#
+# The following list of addresses was compiled from various public sources.
+#
 # local network addresses
 192.168.0.0/16 local network
 10.0.0.0/8 local network
@@ -81,19 +86,89 @@
 201.159.220.0/22 whois.lacnic.net Ecuador
 # some popular websites
+23.160.0.0/24 Twitch
+23.246.0.0/18, Netflix
 31.13.24.0/21 Facebook
 31.13.64.0/18 Facebook
+37.77.184.0/21 Netflix
+45.57.0.0/17 Netflix
+45.58.64.0/20 Dropbox
+45.113.128.0/22 Twitch
+52.223.192.0/18 Twitch
+63.245.208.0/23 Mozilla
 64.63.0.0/18 Twitter
+64.112.13.0/24 Dropbox
+64.120.128.0/17 Netflix
+66.197.128.0/17 Netflix
+69.53.224.0/19 Netflix
 69.171.224.0/19 Facebook
+91.105.192.0/23 Telegram
+91.108.4.0/22 Telegram
+91.108.8.0/21 Telegram
+91.108.16.0/21 Telegram
+91.108.56.0/22 Telegram
+91.189.88.0/24 Ubuntu One
+91.189.90.0/23 Ubuntu One
+91.189.92.0/23 Ubuntu One
+91.189.94.0/24 Ubuntu One
+95.161.64.0/20 Telegram
+99.181.64.0/18 Twitch
+103.53.48.0/23 Twitch
 104.244.40.0/21 Twitter
 129.134.0.0/16 Facebook
 140.82.112.0/20 GitHub
+103.10.124.0/23 Steam
+103.28.54.0/24 Steam
+108.160.160.0/20 Dropbox
+108.175.32.0/20 Netflix
+143.55.64.0/20 Github
+146.66.152.0/24 Steam
+146.66.155.0/24 Steam
+149.154.160.0/20 Telegram
+153.254.86.0/24 Steam
+155.133.224.0/22 Steam
+155.133.230.0/24 Steam
+155.133.232.0/23 Steam
+155.133.234.0/24 Steam
+155.133.236.0/22 Steam
+155.133.240.0/23 Steam
+155.133.245.0/24 Steam
+155.133.246.0/24 Steam
+155.133.248.0/21 Steam
 157.240.0.0/16 Facebook
+162.125.0.0/16 Dropbox
+162.213.32.0/22 Ubuntu One
+162.254.192.0/21 Steam
+185.2.220.0/22 Netflix
+185.9.188.0/22 Netflix
+185.25.182.0/23 Steam
+185.42.204.0/22 Twitch
+185.45.8.0/22 Dropbox
+185.76.151.0/24 Telegram
+185.105.164.0/24 Dropbox
+185.125.188.0/22 Ubuntu One
 185.199.108.0/22 GitHub
 188.64.224.0/21 Twitter
+190.217.33.0/24 Steam
 192.0.64.0/18 Wordpress
+192.16.64.0/21 Twitch
+192.30.252.0/22 GitHub
+192.69.96.0/22 Steam
+192.108.239.0/24 Twitch
+192.173.64.0/18 Netflix
+192.189.200.0/23 Dropbox
+194.169.254.0/24 Ubuntu One
+198.38.96.0/19 Netflix
+198.45.48.0/20 Netflix
+199.9.248.0/21 Twitch
 199.16.156.0/22 Twitter
 199.59.148.0/22 Twitter
+205.185.194.0/24 Steam
+205.196.6.0/24 Steam
+207.45.72.0/22 Netflix
+208.64.200.0/22 Steam
+208.75.76.0/22 Netflix
+208.78.164.0/22 Steam
 208.80.152.0/22 Wikipedia
 # StackPath

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 7f00fdea5..822c9b09f 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml
@@ -53,7 +53,7 @@ jobs:
53		53
54	# Initializes the CodeQL tools for scanning.	54	# Initializes the CodeQL tools for scanning.
55	- name: Initialize CodeQL	55	- name: Initialize CodeQL
56	uses: github/codeql-action/init@b398f525a5587552e573b247ac661067fafa920b	56	uses: github/codeql-action/init@904260d7d935dff982205cbdb42025ce30b7a34f
57	with:	57	with:
58	languages: ${{ matrix.language }}	58	languages: ${{ matrix.language }}
59	# If you wish to specify custom queries, you can do so here or in a config file.	59	# If you wish to specify custom queries, you can do so here or in a config file.
@@ -64,7 +64,7 @@ jobs:
64	# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).	64	# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
65	# If this step fails, then you should remove it and run the build manually (see below)	65	# If this step fails, then you should remove it and run the build manually (see below)
66	- name: Autobuild	66	- name: Autobuild
67	uses: github/codeql-action/autobuild@b398f525a5587552e573b247ac661067fafa920b	67	uses: github/codeql-action/autobuild@904260d7d935dff982205cbdb42025ce30b7a34f
68		68
69	# ℹ️ Command-line programs to run using the OS shell.	69	# ℹ️ Command-line programs to run using the OS shell.
70	# 📚 https://git.io/JvXDl	70	# 📚 https://git.io/JvXDl
@@ -78,4 +78,4 @@ jobs:
78	# make release	78	# make release
79		79
80	- name: Perform CodeQL Analysis	80	- name: Perform CodeQL Analysis
81	uses: github/codeql-action/analyze@b398f525a5587552e573b247ac661067fafa920b	81	uses: github/codeql-action/analyze@904260d7d935dff982205cbdb42025ce30b7a34f


diff --git a/src/firejail/join.c b/src/firejail/join.c index 96d891a49..01fd6c41d 100644 --- a/src/firejail/join.c +++ b/src/firejail/join.c
@@ -545,7 +545,7 @@ void join(pid_t pid, int argc, char **argv, int index) {
545	dbus_set_system_bus_env();	545	dbus_set_system_bus_env();
546	#endif	546	#endif
547		547
548	start_application(0, shfd, NULL);	548	start_application(arg_join_network \|\| arg_join_filesystem, shfd, NULL);
549		549
550	__builtin_unreachable();	550	__builtin_unreachable();
551	}	551	}


diff --git a/src/firejail/main.c b/src/firejail/main.c index c7da3c95c..12c2cf02b 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c
@@ -824,7 +824,6 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
824	// try to join by name only	824	// try to join by name only
825	pid_t pid;	825	pid_t pid;
826	if (!read_pid(argv[i] + 16, &pid)) {	826	if (!read_pid(argv[i] + 16, &pid)) {
827
828	join(pid, argc, argv, i + 1);	827	join(pid, argc, argv, i + 1);
829	exit(0);	828	exit(0);
830	}	829	}
@@ -843,6 +842,10 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
843	exit(1);	842	exit(1);
844	}	843	}
845		844
		845	if (argc <= (i+1))
		846	just_run_the_shell = 1;
		847	cfg.original_program_index = i + 1;
		848
846	// join sandbox by pid or by name	849	// join sandbox by pid or by name
847	pid_t pid = require_pid(argv[i] + 15);	850	pid_t pid = require_pid(argv[i] + 15);
848	join(pid, argc, argv, i + 1);	851	join(pid, argc, argv, i + 1);
@@ -860,6 +863,10 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
860	exit(1);	863	exit(1);
861	}	864	}
862		865
		866	if (argc <= (i+1))
		867	just_run_the_shell = 1;
		868	cfg.original_program_index = i + 1;
		869
863	// join sandbox by pid or by name	870	// join sandbox by pid or by name
864	pid_t pid = require_pid(argv[i] + 18);	871	pid_t pid = require_pid(argv[i] + 18);
865	join(pid, argc, argv, i + 1);	872	join(pid, argc, argv, i + 1);
@@ -3220,7 +3227,7 @@ int main(int argc, char argv, char envp) {
3220	errExit("setresuid");	3227	errExit("setresuid");
3221		3228
3222	char arg[64];	3229	char arg[64];
3223	snprintf(arg, sizeof(arg), "--netlock=%d", getpid());	3230	snprintf(arg, sizeof(arg), "--netlock=%d", sandbox_pid);
3224		3231
3225	char *cmd[3];	3232	char *cmd[3];
3226	cmd[0] = BINDIR "/firejail";	3233	cmd[0] = BINDIR "/firejail";


diff --git a/src/fnettrace/static-ip-map b/src/fnettrace/static-ip-map index 97bed7a1f..d1ce29dac 100644 --- a/src/fnettrace/static-ip-map +++ b/src/fnettrace/static-ip-map
@@ -33,6 +33,11 @@
33	#	33	#
34	#	34	#
35		35
		36	#
		37	# The following list of addresses was compiled from various public sources.
		38	#
		39
		40
36	# local network addresses	41	# local network addresses
37	192.168.0.0/16 local network	42	192.168.0.0/16 local network
38	10.0.0.0/8 local network	43	10.0.0.0/8 local network
@@ -81,19 +86,89 @@
81	201.159.220.0/22 whois.lacnic.net Ecuador	86	201.159.220.0/22 whois.lacnic.net Ecuador
82		87
83	# some popular websites	88	# some popular websites
		89	23.160.0.0/24 Twitch
		90	23.246.0.0/18, Netflix
84	31.13.24.0/21 Facebook	91	31.13.24.0/21 Facebook
85	31.13.64.0/18 Facebook	92	31.13.64.0/18 Facebook
		93	37.77.184.0/21 Netflix
		94	45.57.0.0/17 Netflix
		95	45.58.64.0/20 Dropbox
		96	45.113.128.0/22 Twitch
		97	52.223.192.0/18 Twitch
		98	63.245.208.0/23 Mozilla
86	64.63.0.0/18 Twitter	99	64.63.0.0/18 Twitter
		100	64.112.13.0/24 Dropbox
		101	64.120.128.0/17 Netflix
		102	66.197.128.0/17 Netflix
		103	69.53.224.0/19 Netflix
87	69.171.224.0/19 Facebook	104	69.171.224.0/19 Facebook
		105	91.105.192.0/23 Telegram
		106	91.108.4.0/22 Telegram
		107	91.108.8.0/21 Telegram
		108	91.108.16.0/21 Telegram
		109	91.108.56.0/22 Telegram
		110	91.189.88.0/24 Ubuntu One
		111	91.189.90.0/23 Ubuntu One
		112	91.189.92.0/23 Ubuntu One
		113	91.189.94.0/24 Ubuntu One
		114	95.161.64.0/20 Telegram
		115	99.181.64.0/18 Twitch
		116	103.53.48.0/23 Twitch
88	104.244.40.0/21 Twitter	117	104.244.40.0/21 Twitter
89	129.134.0.0/16 Facebook	118	129.134.0.0/16 Facebook
90	140.82.112.0/20 GitHub	119	140.82.112.0/20 GitHub
		120	103.10.124.0/23 Steam
		121	103.28.54.0/24 Steam
		122	108.160.160.0/20 Dropbox
		123	108.175.32.0/20 Netflix
		124	143.55.64.0/20 Github
		125	146.66.152.0/24 Steam
		126	146.66.155.0/24 Steam
		127	149.154.160.0/20 Telegram
		128	153.254.86.0/24 Steam
		129	155.133.224.0/22 Steam
		130	155.133.230.0/24 Steam
		131	155.133.232.0/23 Steam
		132	155.133.234.0/24 Steam
		133	155.133.236.0/22 Steam
		134	155.133.240.0/23 Steam
		135	155.133.245.0/24 Steam
		136	155.133.246.0/24 Steam
		137	155.133.248.0/21 Steam
91	157.240.0.0/16 Facebook	138	157.240.0.0/16 Facebook
		139	162.125.0.0/16 Dropbox
		140	162.213.32.0/22 Ubuntu One
		141	162.254.192.0/21 Steam
		142	185.2.220.0/22 Netflix
		143	185.9.188.0/22 Netflix
		144	185.25.182.0/23 Steam
		145	185.42.204.0/22 Twitch
		146	185.45.8.0/22 Dropbox
		147	185.76.151.0/24 Telegram
		148	185.105.164.0/24 Dropbox
		149	185.125.188.0/22 Ubuntu One
92	185.199.108.0/22 GitHub	150	185.199.108.0/22 GitHub
93	188.64.224.0/21 Twitter	151	188.64.224.0/21 Twitter
		152	190.217.33.0/24 Steam
94	192.0.64.0/18 Wordpress	153	192.0.64.0/18 Wordpress
		154	192.16.64.0/21 Twitch
		155	192.30.252.0/22 GitHub
		156	192.69.96.0/22 Steam
		157	192.108.239.0/24 Twitch
		158	192.173.64.0/18 Netflix
		159	192.189.200.0/23 Dropbox
		160	194.169.254.0/24 Ubuntu One
		161	198.38.96.0/19 Netflix
		162	198.45.48.0/20 Netflix
		163	199.9.248.0/21 Twitch
95	199.16.156.0/22 Twitter	164	199.16.156.0/22 Twitter
96	199.59.148.0/22 Twitter	165	199.59.148.0/22 Twitter
		166	205.185.194.0/24 Steam
		167	205.196.6.0/24 Steam
		168	207.45.72.0/22 Netflix
		169	208.64.200.0/22 Steam
		170	208.75.76.0/22 Netflix
		171	208.78.164.0/22 Steam
97	208.80.152.0/22 Wikipedia	172	208.80.152.0/22 Wikipedia
98		173
99	# StackPath	174	# StackPath