From 9e3b7b90cf9aad35fc8db2eabdeb9e1ed038acea Mon Sep 17 00:00:00 2001
From: smitsohu <smitsohu@gmail.com>
Date: Mon, 17 Aug 2020 17:08:43 +0200
Subject: add dumpable warnings

---
 src/fsec-print/fsec_print.h | 1 +
 src/fsec-print/main.c       | 5 +++++
 2 files changed, 6 insertions(+)

(limited to 'src/fsec-print')

diff --git a/src/fsec-print/fsec_print.h b/src/fsec-print/fsec_print.h
index 337199288..9d17e3f18 100644
--- a/src/fsec-print/fsec_print.h
+++ b/src/fsec-print/fsec_print.h
@@ -23,6 +23,7 @@
 #include "../include/seccomp.h"
 #include "../include/syscall.h"
 #include <sys/mman.h>
+#include <sys/prctl.h>
 
 // print.c
 void print(struct sock_filter *filter, int entries);
diff --git a/src/fsec-print/main.c b/src/fsec-print/main.c
index ade45c881..858289767 100644
--- a/src/fsec-print/main.c
+++ b/src/fsec-print/main.c
@@ -61,6 +61,11 @@ printf("\n");
 		return 0;
 	}
 
+#ifdef WARN_DUMPABLE
+	if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid() && getenv("FIREJAIL_PLUGIN"))
+		fprintf(stderr, "Error fsec-print: I am dumpable\n");
+#endif
+
 	char *fname = argv[1];
 
 	// open input file
-- 
cgit v1.2.3-54-g00ecf