oss-sec mailing list archives

Re: Firejail local root exploit

From: KellerFuchs <KellerFuchs () hashbang sh>
Date: Wed, 4 Jan 2017 23:42:21 +0000

On Wed, Jan 04, 2017 at 02:12:48PM +0100, Sebastian Krahmer wrote:

Hi

Please find attached PoC for firejail, which seems to be quite
popular sandboxing tool.

Sebastian



Hi Sebastian,

Thanks a lot for discovering this issue.

For information:
- this specific issue can be mitigated by setting `x11 no` in `/etc/firejail/firejail.config`, as in
  https://github.com/hashbang/shell-etc/pull/133
- the initial fix commited by netblues (firejail's dev) is racy:
  https://github.com/netblue30/firejail/commit/60d4b478f65c60bcc825bb56f85fd6c4fd48b250#commitcomment-20366636


Best,

  Keller Fuchs

Current thread:

Re: Re: Firejail local root exploit, (continued)
- - - Re: Re: Firejail local root exploit Martin Carpenter (Jan 08)
    - Re: Re: Firejail local root exploit Simon McVittie (Jan 08)
    - Re: Re: Firejail local root exploit Brad Spengler (Jan 08)
    - Re: Re: Firejail local root exploit Martin Carpenter (Jan 08)
    - Re: Re: Firejail local root exploit Lizzie Dixon (Jan 06)
    - Re: Firejail local root exploit cve-assign (Jan 07)
    - Re: Re: Firejail local root exploit Martin Carpenter (Jan 07)
    - Re: Firejail local root exploit cve-assign (Jan 07)
  - Re: Re: Firejail local root exploit Marcus Meissner (Jan 06)
    - Re: Firejail local root exploit cve-assign (Jan 06)
- Re: Firejail local root exploit KellerFuchs (Jan 05)
- Re: Firejail local root exploit Ion Ionescu (Jan 29)
  - Re: Re: Firejail local root exploit Thomas Deutschmann (Jan 31)
- Re: Re: Firejail local root exploit Thomas Deutschmann (Feb 09)