oss-sec mailing list archives
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961)
From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Wed, 10 Oct 2018 08:46:05 -0700
On 10/10/18 05:53 AM, Hanno Böck wrote:
Nautilus is trying to solve this by sandboxing the thumbnailers. However this depends on bubblewrap and is currently fail-open, i.e. if bubblewrap is not available it will not disable the thumbnailing, it will just not sandbox it. In practice this means it's often not sandboxed. I doubt this will change any time soon.
And bubblewrap is very specific to running on a Linux kernel, so users
of GNOME on top of other kernels are also left unprotected by it.
--
-Alan Coopersmith- alan.coopersmith () oracle com
Oracle Solaris Engineering - https://blogs.oracle.com/alanc
Current thread:
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961), (continued)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Rich Felker (Oct 16)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Perry E. Metzger (Oct 17)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Rich Felker (Oct 17)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Hanno Böck (Oct 09)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Hanno Böck (Oct 10)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Eddie Chapman (Oct 10)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Hanno Böck (Oct 10)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Emilio Pozuelo Monfort (Oct 11)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Brandon Perry (Oct 10)