Date: Wed, 4 Jan 2017 23:42:21 +0000 From: KellerFuchs <KellerFuchs@...hbang.sh> To: oss-security@...ts.openwall.com Cc: netblue30@...oo.com, team@...hbang.sh Subject: Re: Firejail local root exploit On Wed, Jan 04, 2017 at 02:12:48PM +0100, Sebastian Krahmer wrote: > Hi > > Please find attached PoC for firejail, which seems to be quite > popular sandboxing tool. > > Sebastian Hi Sebastian, Thanks a lot for discovering this issue. For information: - this specific issue can be mitigated by setting `x11 no` in `/etc/firejail/firejail.config`, as in https://github.com/hashbang/shell-etc/pull/133 - the initial fix commited by netblues (firejail's dev) is racy: https://github.com/netblue30/firejail/commit/60d4b478f65c60bcc825bb56f85fd6c4fd48b250#commitcomment-20366636 Best, Keller Fuchs
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ