build: netfilter.c: replace system() with execv() (#7159)

orbisai0security 2026-05-13 19:18:27 +05:30 committed by GitHub
parent f2df11ae37
commit 5b5952573f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -66,11 +66,12 @@ void netfilter_netlock(pid_t pid) {
env_apply_all();
umask(orig_umask);
char *cmd;
if (asprintf(&cmd, "%s -e \"%s/firejail/fnetlock --tail --log=%s\"", terminal, LIBDIR, flog) == -1)
char fnetlock_path[] = LIBDIR "/firejail/fnetlock";
char *log_arg;
if (asprintf(&log_arg, "--log=%s", flog) == -1)
errExit("asprintf");
int rv = system(cmd);
(void) rv;
char *exec_args[] = { terminal, "-e", fnetlock_path, "--tail", log_arg, NULL };
execv(terminal, exec_args);
exit(0);
}
}
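Review bot: If `execv(terminal, exec_args)` returns, it has failed, yet the next line is still `exit(0);`, so the child reports success and nothing is logged when the terminal cannot be started; replacing that line with `errExit("execv");` would surface the error. Unlike the shell that `system()` spawned, `execv()` does no PATH lookup, so the call only works if `terminal` is an absolute path; it is assigned outside the hunk, so that should be confirmed. The old command handed the fnetlock invocation to `-e` as one quoted string, while the new argv passes `--tail` and `--log=...` as separate arguments. Terminal emulators differ in whether `-e` takes a single command string or the rest of the command line, so each terminal this function can select should be checked against the new form. The body of netfilter_netlock starts before this hunk.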