From cb5a3046fc3f8d498af7bf1e6bc9e7c90e16a828 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Mon, 4 Apr 2016 21:14:15 -0400 Subject: grsecurity: --join, --shutdown --- src/firejail/join.c | 2 ++ src/firejail/shutdown.c | 2 ++ src/firejail/util.c | 5 ++++- test/pid.exp | 5 +++-- 4 files changed, 11 insertions(+), 3 deletions(-) diff --git a/src/firejail/join.c b/src/firejail/join.c index 251260091..98e140ce4 100644 --- a/src/firejail/join.c +++ b/src/firejail/join.c @@ -201,7 +201,9 @@ void join(pid_t pid, int argc, char **argv, int index) { extract_command(argc, argv, index); // if the pid is that of a firejail process, use the pid of the first child process + EUID_ROOT(); char *comm = pid_proc_comm(pid); + EUID_USER(); if (comm) { if (strcmp(comm, "firejail") == 0) { pid_t child; diff --git a/src/firejail/shutdown.c b/src/firejail/shutdown.c index 3671901d0..b7ef48c8d 100644 --- a/src/firejail/shutdown.c +++ b/src/firejail/shutdown.c @@ -44,7 +44,9 @@ void shut(pid_t pid) { pid_t parent = pid; // if the pid is that of a firejail process, use the pid of a child process inside the sandbox + EUID_ROOT(); char *comm = pid_proc_comm(pid); + EUID_USER(); if (comm) { if (strcmp(comm, "firejail") == 0) { pid_t child; diff --git a/src/firejail/util.c b/src/firejail/util.c index 1fa60bb4d..da73bbfd5 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c @@ -346,6 +346,7 @@ int find_child(pid_t parent, pid_t *child) { *child = 0; // use it to flag a found child DIR *dir; + EUID_ROOT(); // grsecurity fix if (!(dir = opendir("/proc"))) { // sleep 2 seconds and try again sleep(2); @@ -397,7 +398,7 @@ int find_child(pid_t parent, pid_t *child) { free(file); } closedir(dir); - + EUID_USER(); return (*child)? 0:1; // 0 = found, 1 = not found } @@ -576,6 +577,7 @@ uid_t pid_get_uid(pid_t pid) { perror("asprintf"); exit(1); } + EUID_ROOT(); // grsecurity fix FILE *fp = fopen(file, "r"); if (!fp) { free(file); 
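Review bot: In join() the new `EUID_ROOT()` / `EUID_USER()` pair raises privileges to read `comm` for a pid taken from the command line, and nothing at the call site says why root is needed there. The util.c hunks tag their calls with `// grsecurity fix`; the same belongs here and in the identical shutdown.c hunk, for example `// grsecurity: the user may not be able to read /proc/<pid>, raise euid only for this lookup`. The macro definitions are not part of this diff, so it is worth confirming that `EUID_USER()` fails hard when the drop does not succeed, since the rest of join() would otherwise continue with euid 0. join()'s body continues outside the hunk, so whether the pid's ownership is checked before or after this privileged read cannot be told from here.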
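Review bot: In find_child() the `EUID_ROOT()` before `opendir("/proc")` is only undone by the `EUID_USER()` added just before `return` in the next find_child hunk, so the `sleep(2)` retry and the whole directory scan run with euid 0. The loop body lies between the two hunks and is not visible here; any `return` inside it would leave the process privileged, so every exit path should be checked to either pass through the drop or terminate. The unconditional `EUID_USER()` also means a caller that was already running as root gets control back with the user's euid, which deserves a line in the function comment such as `// note: returns with the effective uid switched to the user`.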
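Review bot: In pid_get_uid() the root window opened before `fopen(file, "r")` stays open through the `if (!fp)` failure branch and the parsing that follows, until the `EUID_USER()` in the next hunk after `fclose(fp)`. If the privilege is needed only to open the file, dropping it directly after the open keeps the parsing of /proc content unprivileged: `FILE *fp = fopen(file, "r");` followed immediately by `EUID_USER();`. Whether a grsecurity kernel also checks access at read time is not shown by this diff, so that ordering needs a test on such a kernel. The rest of the `if (!fp)` branch is outside the hunk; if it returns instead of exiting, the euid is never restored.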
@@ -602,6 +604,7 @@ uid_t pid_get_uid(pid_t pid) { fclose(fp); free(file); + EUID_USER(); // grsecurity fix if (rv == 0) { fprintf(stderr, "Error: cannot read /proc file\n"); diff --git a/test/pid.exp b/test/pid.exp index d382feb96..fb5b90f04 100755 --- a/test/pid.exp +++ b/test/pid.exp @@ -37,7 +37,8 @@ sleep 1 send -- "ps aux |wc -l; pwd\r" expect { timeout {puts "TESTING ERROR 5\n";exit} - "6" + "6" {puts "normal system\n'} + "5" {puts "grsecurity\n"} } expect { timeout {puts "TESTING ERROR 6\n";exit} @@ -45,4 +46,4 @@ expect { } sleep 1 -puts "\n" +puts "\nall done\n" -- cgit v1.2.3-54-g00ecf
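Review bot: The new `"6"` branch in test/pid.exp closes its string with `'` instead of `"` (`{puts "normal system\n'}`), so the action body contains an unterminated quoted word and should raise a Tcl error when that pattern matches, which is the non-grsecurity case. It should read `"6" {puts "normal system\n"}`. Separately, `"5"` and `"6"` are unanchored patterns, so a process count such as 15 or 16 would also satisfy the check; a stricter pattern would keep the test meaningful as a sandbox process-isolation check.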