From ad9cb9724701e5aba9e90d3dbf00f9b89e335e3c Mon Sep 17 00:00:00 2001
From: netblue30
Date: Wed, 6 Apr 2016 10:14:35 -0400
Subject: grsecurity: --protocol.print

---
 src/firejail/protocol.c | 2 ++
 test/protocol-print.exp | 21 +++++++++++++++++++++
 test/test.sh | 7 +++++--
 3 files changed, 28 insertions(+), 2 deletions(-)
 create mode 100755 test/protocol-print.exp

diff --git a/src/firejail/protocol.c b/src/firejail/protocol.c
index 70b8496ec..7e5ab7dfb 100644
--- a/src/firejail/protocol.c
+++ b/src/firejail/protocol.c
@@ -339,7 +339,9 @@ void protocol_print_filter(pid_t pid) {
 (void) pid;
 #ifdef SYS_socket
 // if the pid is that of a firejail process, use the pid of the first child process
+ EUID_ROOT();
 char *comm = pid_proc_comm(pid);
+ EUID_USER();
 if (comm) {
 if (strcmp(comm, "firejail") == 0) {
 pid_t child;
diff --git a/test/protocol-print.exp b/test/protocol-print.exp
new file mode 100755
index 000000000..4d1ae34d6
--- /dev/null
+++ b/test/protocol-print.exp
@@ -0,0 +1,21 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --name=test\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firejail --protocol.print=test\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "unix,inet,inet6"
+}
+sleep 1
+puts "\nall done\n"
diff --git a/test/test.sh b/test/test.sh
index 34a079d07..c8720044a 100755
--- a/test/test.sh
+++ b/test/test.sh
@@ -6,12 +6,15 @@

 ./fscheck.sh

-echo "TESTING: caps.print (caps-print.exp)
+echo "TESTING: caps.print (caps-print.exp)"
 ./caps-print.exp

-echo "TESTING: seccomp.print (seccomp-print.exp)
+echo "TESTING: seccomp.print (seccomp-print.exp)"
 ./seccomp-print.exp

+echo "TESTING: protocol.print (protocol-print.exp)"
+./protocol-print.exp
+
 echo "TESTING: sound (sound.exp)"
 ./sound.exp

--
cgit v1.2.3-54-g00ecf
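Review bot: The root window opened by `EUID_ROOT()` around `pid_proc_comm(pid)` in protocol_print_filter carries no comment saying why the lookup needs euid 0, and nothing visible in the hunk checks that `pid` belongs to the calling user before the privileged read. Going by the subject line this is presumably for grsecurity's /proc restrictions; a comment such as `// grsecurity: /proc/<pid>/comm is not readable as user, raise euid only for this lookup` would record that for the next maintainer. The value is only compared against "firejail" in the lines shown, so the exposure looks small, but it is worth confirming that an ownership check on the target pid runs before the child lookup that follows. The function body continues outside the hunk, so any such check and the release of `comm` cannot be verified from here.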
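Review bot: Both timeout branches in test/protocol-print.exp end with a bare `exit`, which returns status 0, so a failed run shows up only as "TESTING ERROR" text in the output; test.sh as patched also calls `./protocol-print.exp` without checking its status. I would change them to `timeout {puts "TESTING ERROR 0\n";exit 1}` and the same for ERROR 1. The script also covers only a sandbox started by the calling user; since the protocol.c hunk raises euid around the pid lookup, a second case that passes a pid the user does not own, and expects whatever refusal the program is meant to give, would keep that path from regressing unnoticed.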