From 9e3b7b90cf9aad35fc8db2eabdeb9e1ed038acea Mon Sep 17 00:00:00 2001
From: smitsohu <smitsohu@gmail.com>
Date: Mon, 17 Aug 2020 17:08:43 +0200
Subject: add dumpable warnings

---
 src/fsec-optimize/fsec_optimize.h | 1 +
 src/fsec-optimize/main.c          | 5 +++++
 2 files changed, 6 insertions(+)

(limited to 'src/fsec-optimize')

diff --git a/src/fsec-optimize/fsec_optimize.h b/src/fsec-optimize/fsec_optimize.h
index 211111641..034fde2ac 100644
--- a/src/fsec-optimize/fsec_optimize.h
+++ b/src/fsec-optimize/fsec_optimize.h
@@ -22,6 +22,7 @@
 #include "../include/common.h"
 #include "../include/seccomp.h"
 #include <sys/mman.h>
+#include <sys/prctl.h>
 
 // optimize.c
 struct sock_filter *duplicate(struct sock_filter *filter, int entries);
diff --git a/src/fsec-optimize/main.c b/src/fsec-optimize/main.c
index 416d85b88..4da110583 100644
--- a/src/fsec-optimize/main.c
+++ b/src/fsec-optimize/main.c
@@ -44,6 +44,11 @@ printf("\n");
 		return 0;
 	}
 
+#ifdef WARN_DUMPABLE
+	if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid() && getenv("FIREJAIL_PLUGIN"))
+		fprintf(stderr, "Error fsec-optimize: I am dumpable\n");
+#endif
+
 	char *fname = argv[1];
 
 	// open input file
-- 
cgit v1.2.3-54-g00ecf