-rw-r--r--README1
-rw-r--r--RELNOTES1
-rw-r--r--src/firejail/main.c3
-rw-r--r--src/firejail/sandbox.c7
4 files changed, 12 insertions, 0 deletions
diff --git a/README b/README
index 0b2a27f02..dcdc7fde1 100644
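--- a/README
+++ b/README
@@ -45,6 +45,7 @@ Aleksey Manevich (https://github.com/manevich)
  - added --x11=block options
  - x11 xpra, xphyr, block profile commands
  - added --join-or-start command
+ - CVE-2016-7545
 Fred-Barclay (https://github.com/Fred-Barclay)
  - added Vivaldi, Atril profiles
  - added PaleMoon profile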
diff --git a/RELNOTES b/RELNOTES
index da882e461..f0528b28c 100644
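--- a/RELNOTES
+++ b/RELNOTES
@@ -1,4 +1,5 @@
 firejail (0.9.43) baseline; urgency=low
+ * CVE-2016-7545 submitted by Aleksey Manevich
  * development version
  * modifs: removed man firejail-config
  * modifs: --private-tmp whitelists /tmp/.X11-unix directory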
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 1f2ee9573..135ff17d8 100644
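--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -35,6 +35,8 @@
 #include <signal.h>
 #include <time.h>
 #include <net/if.h>
+#include <sys/ioctl.h>
+#include <termios.h>
 
 #if 0
 #include <sys/times.h>
@@ -141,6 +143,7 @@ static void myexit(int rv) {
  EUID_ROOT();
  clear_run_files(sandbox_pid);
  appimage_clear();
+ ioctl(0, TCFLSH, TCIFLUSH);
 
  exit(rv);
 }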
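Review bot: The flush added in myexit, `ioctl(0, TCFLSH, TCIFLUSH);`, acts only on descriptor 0 and discards its result, so when stdin is redirected away from the terminal the call fails silently and the terminal's input queue, presumably what this change is meant to clear, is left untouched. The identical calls added in sandbox_handler and sandbox() in src/firejail/sandbox.c have the same gap. Consider the POSIX wrapper declared in the already-included `<termios.h>`, applied to each standard descriptor that is a terminal, e.g. `if (isatty(fd)) (void) tcflush(fd, TCIFLUSH);`. A comment such as `// discard terminal input queued while the sandbox ran (CVE-2016-7545)` would also say why the call is there. myexit begins above the hunk.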
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index cc5483c08..08296d823 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -28,6 +28,8 @@
28#include <sys/types.h> 28#include <sys/types.h>
29#include <dirent.h> 29#include <dirent.h>
30#include <errno.h> 30#include <errno.h>
31#include <sys/ioctl.h>
32#include <termios.h>
31 33
32#include <sched.h> 34#include <sched.h>
33#ifndef CLONE_NEWUSER 35#ifndef CLONE_NEWUSER
@@ -80,8 +82,10 @@ static void sandbox_handler(int sig){
80 82
81 } 83 }
82 84
85
83 // broadcast a SIGKILL 86 // broadcast a SIGKILL
84 kill(-1, SIGKILL); 87 kill(-1, SIGKILL);
88 ioctl(0, TCFLSH, TCIFLUSH);
85 exit(sig); 89 exit(sig);
86} 90}
87 91
@@ -290,6 +294,8 @@ void start_audit(void) {
290} 294}
291 295
292void start_application(void) { 296void start_application(void) {
297//if (setsid() == -1)
298//errExit("setsid");
293 //**************************************** 299 //****************************************
294 // audit 300 // audit
295 //**************************************** 301 //****************************************
@@ -890,6 +896,7 @@ int sandbox(void* sandbox_arg) {
890 } 896 }
891 897
892 int status = monitor_application(app_pid); // monitor application 898 int status = monitor_application(app_pid); // monitor application
899 ioctl(0, TCFLSH, TCIFLUSH);
893 900
894 if (WIFEXITED(status)) { 901 if (WIFEXITED(status)) {
895 // if we had a proper exit, return that exit status 902 // if we had a proper exit, return that exit status
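Review bot: The two lines added at the top of start_application, `//if (setsid() == -1)` and `//errExit("setsid");`, are unindented commented-out code with no explanation, so a reader cannot tell whether detaching the application from the controlling terminal was rejected or is still planned. Either drop them or replace them with a comment that records the decision, e.g. `// TODO(CVE-2016-7545): setsid() would detach the app from the controlling terminal; disabled because <reason>`. The decision matters because the flushes added in this file are best-effort. In sandbox_handler the flush follows `kill(-1, SIGKILL)`, which returns without waiting for the signalled processes to exit, so input queued after the flush would presumably survive it. start_application and sandbox() both continue past their hunks.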