diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/list.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/src/firejail/list.c b/src/firejail/list.c index 676df6a14..e6f0cc7ac 100644 --- a/src/firejail/list.c +++ b/src/firejail/list.c | |||
@@ -18,9 +18,25 @@ | |||
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | 18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
19 | */ | 19 | */ |
20 | #include "firejail.h" | 20 | #include "firejail.h" |
21 | #include <sys/types.h> | ||
22 | #include <sys/stat.h> | ||
23 | |||
24 | void static grsec_elevate_privileges(void) { | ||
25 | struct stat s; | ||
26 | if (stat("/proc/sys/kernel/grsecurity", &s) == 0) { | ||
27 | EUID_ROOT(); | ||
28 | |||
29 | // elevate privileges | ||
30 | if (setreuid(0, 0)) | ||
31 | errExit("setreuid"); | ||
32 | if (setregid(0, 0)) | ||
33 | errExit("setregid"); | ||
34 | } | ||
35 | } | ||
21 | 36 | ||
22 | void top(void) { | 37 | void top(void) { |
23 | EUID_ASSERT(); | 38 | EUID_ASSERT(); |
39 | grsec_elevate_privileges(); | ||
24 | 40 | ||
25 | char *arg[4]; | 41 | char *arg[4]; |
26 | arg[0] = "bash"; | 42 | arg[0] = "bash"; |
@@ -32,6 +48,7 @@ void top(void) { | |||
32 | 48 | ||
33 | void netstats(void) { | 49 | void netstats(void) { |
34 | EUID_ASSERT(); | 50 | EUID_ASSERT(); |
51 | grsec_elevate_privileges(); | ||
35 | 52 | ||
36 | char *arg[4]; | 53 | char *arg[4]; |
37 | arg[0] = "bash"; | 54 | arg[0] = "bash"; |
@@ -43,6 +60,7 @@ void netstats(void) { | |||
43 | 60 | ||
44 | void list(void) { | 61 | void list(void) { |
45 | EUID_ASSERT(); | 62 | EUID_ASSERT(); |
63 | grsec_elevate_privileges(); | ||
46 | 64 | ||
47 | char *arg[4]; | 65 | char *arg[4]; |
48 | arg[0] = "bash"; | 66 | arg[0] = "bash"; |
@@ -54,6 +72,7 @@ void list(void) { | |||
54 | 72 | ||
55 | void tree(void) { | 73 | void tree(void) { |
56 | EUID_ASSERT(); | 74 | EUID_ASSERT(); |
75 | grsec_elevate_privileges(); | ||
57 | 76 | ||
58 | char *arg[4]; | 77 | char *arg[4]; |
59 | arg[0] = "bash"; | 78 | arg[0] = "bash"; |