mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-15 06:06:02 -06:00
moving eecf35c-backports.zip fix for seccomp/join bug in etc-fixes
This commit is contained in:
netblue30
parent
d8bc575f43
commit
30f6000e72
2 changed files with 11 additions and 0 deletions
11
etc-fixes/seccomp-join-bug/README
Normal file
11
etc-fixes/seccomp-join-bug/README
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
These are patches for various Firejail versions for the security bug reported by Austin Morton
|
||||
on May 21, 2019:
|
||||
|
||||
Seccomp filters are copied into /run/firejail/mnt, and are writable
|
||||
within the jail. A malicious process can modify files from inside the
|
||||
jail. Processes that are later joined to the jail will not have seccomp
|
||||
filters applied.
|
||||
|
||||
The original discussion thread: https://github.com/netblue30/firejail/issues/2718
|
||||
The fix on mainline: https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134
|
||||
|
||||
BIN
etc-fixes/seccomp-join-bug/eecf35c-backports.zip
Normal file
BIN
etc-fixes/seccomp-join-bug/eecf35c-backports.zip
Normal file
Binary file not shown.
Loading…
Add table
Add a link
Reference in a new issue