Date: Fri, 6 Jan 2017 11:11:53 +0100 From: Marcus Meissner <meissner@...e.de> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: Re: Re: Firejail local root exploit Hi Mitre, On Wed, Jan 04, 2017 at 12:16:49PM -0500, cve-assign@...re.org wrote: > > * Firejail has too broad attack surface that allows users > > * to specify a lot of options, where one of them eventually > > * broke by accessing user-files while running with euid 0. > > > const char *const ldso = "/etc/ld.so.preload"; > > ... > > snprintf(path, sizeof(path) - 1, "%s/.firenail/.Xauthority", home); > > ... > > symlink(ldso, path) > > Use CVE-2017-5180. Is this correct? It starts quite far into the 2017 namespace? Or have other CNAs allocated the previous 5000 ? Ciao, Marcus
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ