1 files changed, 79 insertions, 58 deletions
diff --git a/src/firemon/firemon.c b/src/firemon/firemon.c
index 3140c5f70..b63e37444 100644
--- a/src/firemon/firemon.c
+++ b/src/firemon/firemon.c
@@ -25,7 +25,6 @@
 #include <grp.h>
 #include <sys/stat.h>
 
 static int arg_route = 0;
 static int arg_arp = 0;
 static int arg_tree = 0;
@@ -35,6 +34,9 @@ static int arg_caps = 0;
 static int arg_cpu = 0;
 static int arg_cgroup = 0;
 static int arg_x11 = 0;
+static int arg_top = 0;
+static int arg_list = 0;
+static int arg_netstats = 0;
 int arg_nowrap = 0;
 static struct termios tlocal;   // startup terminal setting
@@ -62,17 +64,6 @@ int find_child(int id) {
        return -1;
 }
-// drop privileges
-void firemon_drop_privs(void) {
-        // drop privileges
-        if (setgroups(0, NULL) < 0)
-                errExit("setgroups");
-        if (setgid(getgid()) < 0)
-                errExit("setgid/getgid");
-        if (setuid(getuid()) < 0)
-                errExit("setuid/getuid");
-}
 // sleep and wait for a key to be pressed
 void firemon_sleep(int st) {
        if (terminal_set == 0) {
@@ -129,53 +120,44 @@ int main(int argc, char **argv) {
                }
                
                // options without a pid argument
-                else if (strcmp(argv[i], "--top") == 0) {
+                else if (strcmp(argv[i], "--top") == 0)
-                        top(); // never to return
+                        arg_top = 1;
-                }
+                else if (strcmp(argv[i], "--list") == 0)
-                else if (strcmp(argv[i], "--list") == 0) {
+                        arg_list = 1;
-                        list();
+                else if (strcmp(argv[i], "--tree") == 0)
-                        return 0;
+                        arg_tree = 1;
-                }
                else if (strcmp(argv[i], "--netstats") == 0) {
                        struct stat s;
                        if (getuid() != 0 && stat("/proc/sys/kernel/grsecurity", &s) == 0) {
                                fprintf(stderr, "Error: this feature is not available on Grsecurity systems\n");
                                exit(1);
                        }       
+                        arg_netstats = 1;
-                        netstats();
-                        return 0;
                }
                // cumulative options with or without a pid argument
-                else if (strcmp(argv[i], "--x11") == 0) {
+                else if (strcmp(argv[i], "--x11") == 0)
                        arg_x11 = 1;
-                }
+                else if (strcmp(argv[i], "--cgroup") == 0)
-                else if (strcmp(argv[i], "--cgroup") == 0) {
                        arg_cgroup = 1;
-                }
+                else if (strcmp(argv[i], "--cpu") == 0)
-                else if (strcmp(argv[i], "--cpu") == 0) {
                        arg_cpu = 1;
-                }
+                else if (strcmp(argv[i], "--seccomp") == 0)
-                else if (strcmp(argv[i], "--seccomp") == 0) {
                        arg_seccomp = 1;
-                }
+                else if (strcmp(argv[i], "--caps") == 0)
-                else if (strcmp(argv[i], "--caps") == 0) {
                        arg_caps = 1;
-                }
-                else if (strcmp(argv[i], "--tree") == 0) {
-                        arg_tree = 1;
-                }
                else if (strcmp(argv[i], "--interface") == 0) {
+                        if (getuid() != 0) {
+                                fprintf(stderr, "Error: you need to be root to run this command\n");
+                                exit(1);
+                        }
                        arg_interface = 1;
                }
-                else if (strcmp(argv[i], "--route") == 0) {
+                else if (strcmp(argv[i], "--route") == 0)
                        arg_route = 1;
-                }
+                else if (strcmp(argv[i], "--arp") == 0)
-                else if (strcmp(argv[i], "--arp") == 0) {
                        arg_arp = 1;
-                }
                else if (strncmp(argv[i], "--name=", 7) == 0) {
                        char *name = argv[i] + 7;
@@ -212,27 +194,66 @@ int main(int argc, char **argv) {
                }
        }
-        if (arg_tree)
+        // allow only root user if /proc is mounted hidepid
+        if (pid_hidepid() && getuid() != 0) {
+                fprintf(stderr, "Error: /proc is mounted hidepid, you would need to be root to run this command\n");
+                exit(1);
+        }
+        
+        if (arg_top) {
+                top(); 
+                return 0;
+        }
+        if (arg_list) {
+                list();
+                return 0;
+        }
+        if (arg_netstats) {
+                netstats();
+                return 0;               
+        }
+        
+        // cumulative options
+        int print_procs = 1;
+        if (arg_tree) {
                tree((pid_t) pid);
-        if (arg_interface)
+                print_procs = 0;
-                interface((pid_t) pid);
+        }
-        if (arg_route)
+        if (arg_cpu) {
-                route((pid_t) pid);
+                cpu((pid_t) pid, print_procs);
-        if (arg_arp)
+                print_procs = 0;
-                arp((pid_t) pid);
+        }
-        if (arg_seccomp)
+        if (arg_seccomp) {
-                seccomp((pid_t) pid);
+                seccomp((pid_t) pid, print_procs);
-        if (arg_caps)
+                print_procs = 0;
-                caps((pid_t) pid);
+        }
-        if (arg_cpu)
+        if (arg_caps) {
-                cpu((pid_t) pid);
+                caps((pid_t) pid, print_procs);
-        if (arg_cgroup)
+                print_procs = 0;
-                cgroup((pid_t) pid);
+        }
-        if (arg_x11)
+        if (arg_cgroup) {
-                x11((pid_t) pid);
+                cgroup((pid_t) pid, print_procs);
+                print_procs = 0;
+        }
+        if (arg_x11) {
+                x11((pid_t) pid, print_procs);
+                print_procs = 0;
+        }
+        if (arg_interface) {
+                interface((pid_t) pid, print_procs);
+                print_procs = 0;
+        }
+        if (arg_route) {
+                route((pid_t) pid, print_procs);
+                print_procs = 0;
+        }
+        if (arg_arp) {
+                arp((pid_t) pid, print_procs);
+                print_procs = 0;
+        }
        
-        if (!arg_route && !arg_arp && !arg_interface && !arg_tree && !arg_caps && !arg_seccomp && !arg_x11)
+        if (print_procs)
-                procevent((pid_t) pid); // never to return
+                procevent((pid_t) pid);
                
        return 0;
 }

diff --git a/src/firemon/firemon.c b/src/firemon/firemon.c index 3140c5f70..b63e37444 100644 --- a/src/firemon/firemon.c +++ b/src/firemon/firemon.c
@@ -25,7 +25,6 @@
25	#include <grp.h>	25	#include <grp.h>
26	#include <sys/stat.h>	26	#include <sys/stat.h>
27		27
28
29	static int arg_route = 0;	28	static int arg_route = 0;
30	static int arg_arp = 0;	29	static int arg_arp = 0;
31	static int arg_tree = 0;	30	static int arg_tree = 0;
@@ -35,6 +34,9 @@ static int arg_caps = 0;
35	static int arg_cpu = 0;	34	static int arg_cpu = 0;
36	static int arg_cgroup = 0;	35	static int arg_cgroup = 0;
37	static int arg_x11 = 0;	36	static int arg_x11 = 0;
		37	static int arg_top = 0;
		38	static int arg_list = 0;
		39	static int arg_netstats = 0;
38	int arg_nowrap = 0;	40	int arg_nowrap = 0;
39		41
40	static struct termios tlocal; // startup terminal setting	42	static struct termios tlocal; // startup terminal setting
@@ -62,17 +64,6 @@ int find_child(int id) {
62	return -1;	64	return -1;
63	}	65	}
64		66
65	// drop privileges
66	void firemon_drop_privs(void) {
67	// drop privileges
68	if (setgroups(0, NULL) < 0)
69	errExit("setgroups");
70	if (setgid(getgid()) < 0)
71	errExit("setgid/getgid");
72	if (setuid(getuid()) < 0)
73	errExit("setuid/getuid");
74	}
75
76	// sleep and wait for a key to be pressed	67	// sleep and wait for a key to be pressed
77	void firemon_sleep(int st) {	68	void firemon_sleep(int st) {
78	if (terminal_set == 0) {	69	if (terminal_set == 0) {
@@ -129,53 +120,44 @@ int main(int argc, char **argv) {
129	}	120	}
130		121
131	// options without a pid argument	122	// options without a pid argument
132	else if (strcmp(argv[i], "--top") == 0) {	123	else if (strcmp(argv[i], "--top") == 0)
133	top(); // never to return	124	arg_top = 1;
134	}	125	else if (strcmp(argv[i], "--list") == 0)
135	else if (strcmp(argv[i], "--list") == 0) {	126	arg_list = 1;
136	list();	127	else if (strcmp(argv[i], "--tree") == 0)
137	return 0;	128	arg_tree = 1;
138	}
139	else if (strcmp(argv[i], "--netstats") == 0) {	129	else if (strcmp(argv[i], "--netstats") == 0) {
140	struct stat s;	130	struct stat s;
141	if (getuid() != 0 && stat("/proc/sys/kernel/grsecurity", &s) == 0) {	131	if (getuid() != 0 && stat("/proc/sys/kernel/grsecurity", &s) == 0) {
142	fprintf(stderr, "Error: this feature is not available on Grsecurity systems\n");	132	fprintf(stderr, "Error: this feature is not available on Grsecurity systems\n");
143	exit(1);	133	exit(1);
144	}	134	}
145		135	arg_netstats = 1;
146	netstats();
147	return 0;
148	}	136	}
149		137
150		138
151	// cumulative options with or without a pid argument	139	// cumulative options with or without a pid argument
152	else if (strcmp(argv[i], "--x11") == 0) {	140	else if (strcmp(argv[i], "--x11") == 0)
153	arg_x11 = 1;	141	arg_x11 = 1;
154	}	142	else if (strcmp(argv[i], "--cgroup") == 0)
155	else if (strcmp(argv[i], "--cgroup") == 0) {
156	arg_cgroup = 1;	143	arg_cgroup = 1;
157	}	144	else if (strcmp(argv[i], "--cpu") == 0)
158	else if (strcmp(argv[i], "--cpu") == 0) {
159	arg_cpu = 1;	145	arg_cpu = 1;
160	}	146	else if (strcmp(argv[i], "--seccomp") == 0)
161	else if (strcmp(argv[i], "--seccomp") == 0) {
162	arg_seccomp = 1;	147	arg_seccomp = 1;
163	}	148	else if (strcmp(argv[i], "--caps") == 0)
164	else if (strcmp(argv[i], "--caps") == 0) {
165	arg_caps = 1;	149	arg_caps = 1;
166	}
167	else if (strcmp(argv[i], "--tree") == 0) {
168	arg_tree = 1;
169	}
170	else if (strcmp(argv[i], "--interface") == 0) {	150	else if (strcmp(argv[i], "--interface") == 0) {
		151	if (getuid() != 0) {
		152	fprintf(stderr, "Error: you need to be root to run this command\n");
		153	exit(1);
		154	}
171	arg_interface = 1;	155	arg_interface = 1;
172	}	156	}
173	else if (strcmp(argv[i], "--route") == 0) {	157	else if (strcmp(argv[i], "--route") == 0)
174	arg_route = 1;	158	arg_route = 1;
175	}	159	else if (strcmp(argv[i], "--arp") == 0)
176	else if (strcmp(argv[i], "--arp") == 0) {
177	arg_arp = 1;	160	arg_arp = 1;
178	}
179		161
180	else if (strncmp(argv[i], "--name=", 7) == 0) {	162	else if (strncmp(argv[i], "--name=", 7) == 0) {
181	char *name = argv[i] + 7;	163	char *name = argv[i] + 7;
@@ -212,27 +194,66 @@ int main(int argc, char **argv) {
212	}	194	}
213	}	195	}
214		196
215	if (arg_tree)	197	// allow only root user if /proc is mounted hidepid
		198	if (pid_hidepid() && getuid() != 0) {
		199	fprintf(stderr, "Error: /proc is mounted hidepid, you would need to be root to run this command\n");
		200	exit(1);
		201	}
		202
		203	if (arg_top) {
		204	top();
		205	return 0;
		206	}
		207	if (arg_list) {
		208	list();
		209	return 0;
		210	}
		211	if (arg_netstats) {
		212	netstats();
		213	return 0;
		214	}
		215
		216	// cumulative options
		217	int print_procs = 1;
		218	if (arg_tree) {
216	tree((pid_t) pid);	219	tree((pid_t) pid);
217	if (arg_interface)	220	print_procs = 0;
218	interface((pid_t) pid);	221	}
219	if (arg_route)	222	if (arg_cpu) {
220	route((pid_t) pid);	223	cpu((pid_t) pid, print_procs);
221	if (arg_arp)	224	print_procs = 0;
222	arp((pid_t) pid);	225	}
223	if (arg_seccomp)	226	if (arg_seccomp) {
224	seccomp((pid_t) pid);	227	seccomp((pid_t) pid, print_procs);
225	if (arg_caps)	228	print_procs = 0;
226	caps((pid_t) pid);	229	}
227	if (arg_cpu)	230	if (arg_caps) {
228	cpu((pid_t) pid);	231	caps((pid_t) pid, print_procs);
229	if (arg_cgroup)	232	print_procs = 0;
230	cgroup((pid_t) pid);	233	}
231	if (arg_x11)	234	if (arg_cgroup) {
232	x11((pid_t) pid);	235	cgroup((pid_t) pid, print_procs);
		236	print_procs = 0;
		237	}
		238	if (arg_x11) {
		239	x11((pid_t) pid, print_procs);
		240	print_procs = 0;
		241	}
		242	if (arg_interface) {
		243	interface((pid_t) pid, print_procs);
		244	print_procs = 0;
		245	}
		246	if (arg_route) {
		247	route((pid_t) pid, print_procs);
		248	print_procs = 0;
		249	}
		250	if (arg_arp) {
		251	arp((pid_t) pid, print_procs);
		252	print_procs = 0;
		253	}
233		254
234	if (!arg_route && !arg_arp && !arg_interface && !arg_tree && !arg_caps && !arg_seccomp && !arg_x11)	255	if (print_procs)
235	procevent((pid_t) pid); // never to return	256	procevent((pid_t) pid);
236		257
237	return 0;	258	return 0;
238	}	259	}