Skip to content
Permalink
Browse files Browse the repository at this point in the history
security fix
  • Loading branch information
netblue30 committed Jan 7, 2017
1 parent 6435525 commit 5d43fdc
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 8 deletions.
1 change: 1 addition & 0 deletions RELNOTES
@@ -1,5 +1,6 @@
firejail (0.9.45) baseline; urgency=low
* development version, work in progress
* security: --bandwidth root shel found by Martin Carpenter
* security: disabled --allow-debuggers when running on kernel
versions prior to 4.8; a kernel bug in ptrace system call
allows a full bypass of seccomp filter; problem reported by Lizzie Dixon
Expand Down
9 changes: 1 addition & 8 deletions src/firejail/bandwidth.c
Expand Up @@ -435,15 +435,8 @@ void bandwidth_pid(pid_t pid, const char *command, const char *dev, int down, in
if (setregid(0, 0))
errExit("setregid");

if (!cfg.shell)
cfg.shell = guess_shell();
if (!cfg.shell) {
fprintf(stderr, "Error: no POSIX shell found, please use --shell command line option\n");
exit(1);
}

char *arg[4];
arg[0] = cfg.shell;
arg[0] = "/bin/sh";
arg[1] = "-c";
arg[2] = cmd;
arg[3] = NULL;
Expand Down

0 comments on commit 5d43fdc

Please sign in to comment.