aboutsummaryrefslogtreecommitdiffstats
path: root/src/faudit/pid.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/faudit/pid.c')
-rw-r--r--src/faudit/pid.c99
1 files changed, 0 insertions, 99 deletions
diff --git a/src/faudit/pid.c b/src/faudit/pid.c
deleted file mode 100644
index ec8c37dc7..000000000
--- a/src/faudit/pid.c
+++ /dev/null
@@ -1,99 +0,0 @@
1/*
2 * Copyright (C) 2014-2021 Firejail Authors
3 *
4 * This file is part of firejail project
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; if not, write to the Free Software Foundation, Inc.,
18 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
19*/
20#include "faudit.h"
21
22void pid_test(void) {
23 static char *kern_proc[] = {
24 "kthreadd",
25 "ksoftirqd",
26 "kworker",
27 "rcu_sched",
28 "rcu_bh",
29 NULL // NULL terminated list
30 };
31 int i;
32
33 // look at the first 10 processes
34 int not_visible = 1;
35 for (i = 1; i <= 10; i++) {
36 struct stat s;
37 char *fname;
38 if (asprintf(&fname, "/proc/%d/comm", i) == -1)
39 errExit("asprintf");
40 if (stat(fname, &s) == -1) {
41 free(fname);
42 continue;
43 }
44
45 // open file
46 /* coverity[toctou] */
47 FILE *fp = fopen(fname, "r");
48 if (!fp) {
49 free(fname);
50 continue;
51 }
52
53 // read file
54 char buf[100];
55 if (fgets(buf, 10, fp) == NULL) {
56 fclose(fp);
57 free(fname);
58 continue;
59 }
60 not_visible = 0;
61
62 // clean /n
63 char *ptr;
64 if ((ptr = strchr(buf, '\n')) != NULL)
65 *ptr = '\0';
66
67 // check process name against the kernel list
68 int j = 0;
69 while (kern_proc[j] != NULL) {
70 if (strncmp(buf, kern_proc[j], strlen(kern_proc[j])) == 0) {
71 fclose(fp);
72 free(fname);
73 printf("BAD: Process %d is not running in a PID namespace. ", getpid());
74 printf("Are you sure you're running in a sandbox?\n");
75 return;
76 }
77 j++;
78 }
79
80 fclose(fp);
81 free(fname);
82 }
83
84 pid_t pid = getpid();
85 if (not_visible && pid > 100)
86 printf("BAD: Process %d is not running in a PID namespace.\n", pid);
87 else
88 printf("GOOD: process %d is running in a PID namespace.\n", pid);
89
90 // try to guess the type of container/sandbox
91 char *str = getenv("container");
92 if (str)
93 printf("INFO: container/sandbox %s.\n", str);
94 else {
95 str = getenv("SNAP");
96 if (str)
97 printf("INFO: this is a snap package\n");
98 }
99}