oss-sec mailing list archives
Re: Re: Firejail local root exploit
From: sivmu <sivmu () web de>
Date: Fri, 6 Jan 2017 18:08:36 +0100
Am 05.01.2017 um 23:37 schrieb Martin Carpenter:
Setuid-root makes me sad, copy_file() worries me still and the ability for a non-priv user to run any seccomp filter on anything feels like an accident waiting to happen (assuming it cannot already be exploited).
Non-priv users can run seccomp filter on anything anyway. Seccomp does not rewuire any privileges and as far as I know it onl restricts permissions (to use syscalls) and never expands them. Also the question is how many of these issues are specific to firejail and how many of them also applied to (user)namespaces in general or wrapper tool lke bubblewrap that utilise namespaces as firejail does. Meaning some of these issues could applie to a lot more programms.
Current thread:
- Firejail local root exploit Sebastian Krahmer (Jan 04)
- Re: Firejail local root exploit cve-assign (Jan 04)
- Re: Re: Firejail local root exploit Martin Carpenter (Jan 05)
- Re: Firejail local root exploit cve-assign (Jan 06)
- Re: Re: Firejail local root exploit sivmu (Jan 06)
- Re: Re: Firejail local root exploit Martin Carpenter (Jan 07)
- Re: Re: Firejail local root exploit Martin Carpenter (Jan 08)
- Re: Re: Firejail local root exploit Simon McVittie (Jan 08)
- Re: Re: Firejail local root exploit Brad Spengler (Jan 08)
- Re: Re: Firejail local root exploit Martin Carpenter (Jan 08)
- Re: Re: Firejail local root exploit Martin Carpenter (Jan 05)
- Re: Firejail local root exploit cve-assign (Jan 04)
- Re: Re: Firejail local root exploit Lizzie Dixon (Jan 06)
- Re: Firejail local root exploit cve-assign (Jan 07)
- Re: Re: Firejail local root exploit Martin Carpenter (Jan 07)
- Re: Firejail local root exploit cve-assign (Jan 07)