Date: Wed, 4 Jan 2017 23:42:21 +0000
From: KellerFuchs <KellerFuchs@...hbang.sh>
To: oss-security@...ts.openwall.com
Cc: netblue30@...oo.com, team@...hbang.sh
Subject: Re: Firejail local root exploit

On Wed, Jan 04, 2017 at 02:12:48PM +0100, Sebastian Krahmer wrote:
> Hi
> 
> Please find attached PoC for firejail, which seems to be quite
> popular sandboxing tool.
> 
> Sebastian


Hi Sebastian,

Thanks a lot for discovering this issue.

For information:
- this specific issue can be mitigated by setting `x11 no` in `/etc/firejail/firejail.config`, as in
  https://github.com/hashbang/shell-etc/pull/133
- the initial fix committed by netblues (firejail's dev) is racy:
  https://github.com/netblue30/firejail/commit/60d4b478f65c60bcc825bb56f85fd6c4fd48b250#commitcomment-20366636


Best,

  Keller Fuchs
