[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <f47526d9-157e-1600-8f64-d737db07753c@web.de>
Date: Fri, 6 Jan 2017 18:08:36 +0100
From: sivmu <sivmu@....de>
To: oss-security@...ts.openwall.com
Subject: Re: Re: Firejail local root exploit
Am 05.01.2017 um 23:37 schrieb Martin Carpenter:
> Setuid-root makes me sad, copy_file() worries me still and the ability
> for a non-priv user to run any seccomp filter on anything feels like an
> accident waiting to happen (assuming it cannot already be exploited).
Non-priv users can run seccomp filter on anything anyway.
Seccomp does not rewuire any privileges and as far as I know it onl
restricts permissions (to use syscalls) and never expands them.
Also the question is how many of these issues are specific to firejail
and how many of them also applied to (user)namespaces in general or
wrapper tool lke bubblewrap that utilise namespaces as firejail does.
Meaning some of these issues could applie to a lot more programms.
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
