diff options
Diffstat (limited to 'sandbox/linux/suid/sandbox.cc')
| -rw-r--r-- | sandbox/linux/suid/sandbox.cc | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/sandbox/linux/suid/sandbox.cc b/sandbox/linux/suid/sandbox.cc index 2c4a2fa..e784d87 100644 --- a/sandbox/linux/suid/sandbox.cc +++ b/sandbox/linux/suid/sandbox.cc @@ -256,6 +256,12 @@ int main(int argc, char **argv) { return 1; } + if ((S_ISUID | S_ISGID) & st.st_mode) { + fprintf(stderr, "The development sandbox is refusing to run %s because it " + "is SUID or SGID\n", argv[1]); + return 1; + } + char proc_fd_buffer[128]; snprintf(proc_fd_buffer, sizeof(proc_fd_buffer), "/proc/self/fd/%d", binary_fd); argv[1] = proc_fd_buffer; |