From c8588f3953bc5be16b24c17197303487e130c8d6 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Tue, 4 Jun 2019 13:12:14 -0400
Subject: merge: shutdown option: give sandbox time to terminate;shutdown option: paranoid sleep - fix for CVE-2019-12499
---
 src/firejail/shutdown.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
(limited to 'src')
diff --git a/src/firejail/shutdown.c b/src/firejail/shutdown.c
index be20cd353..87cf3eef8 100644
--- a/src/firejail/shutdown.c
+++ b/src/firejail/shutdown.c
@@ -62,15 +62,16 @@ void shut(pid_t pid) {
 printf("Sending SIGTERM to %u\n", pid);
 kill(pid, SIGTERM);
 
- // wait for not more than 10 seconds
- sleep(2);
- int monsec = 8;
+ // wait for not more than 11 seconds
+ int monsec = 11;
 char *monfile;
 if (asprintf(&monfile, "/proc/%d/cmdline", pid) == -1)
 errExit("asprintf");
 int killdone = 0;
 
 while (monsec) {
+ sleep(1);
+ monsec--;
 FILE *fp = fopen(monfile, "r");
 if (!fp) {
 killdone = 1;
@@ -85,9 +86,6 @@ void shut(pid_t pid) {
 killdone = 1;
 break;
 }
-
- sleep(1);
- monsec--;
 }
 free(monfile);
 
-- 
cgit v1.2.3-70-g09d2
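Review bot: The rewritten comment in the first hunk records only the 11-second bound and says nothing about why `sleep(1); monsec--;` now runs before the first `fopen` of `/proc/<pid>/cmdline`, although the commit subject labels this change part of the fix for CVE-2019-12499. Without that, a later cleanup could move the sleep back to the loop tail without anyone noticing the security relevance. I would extend the comment to `// wait for not more than 11 seconds; always sleep before checking /proc (CVE-2019-12499 hardening, keep this order)`. Separately, `sleep()` returns early when a signal is delivered while `monsec` is decremented unconditionally, so the grace period can be shorter than the comment states; looping on the return value of `sleep()` would keep the bound honest. The body of `shut()` starts and ends outside this hunk, and the `while` loop continues into the second hunk.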