[GH-ISSUE #2304] Some Security Questions Regarding Firejail #1536

Closed
opened 2026-05-05 08:11:56 -06:00 by gitea-mirror · 2 comments

Originally created by @oositP on GitHub (Dec 18, 2018).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2304

I have been doing a bit of research and reading up on how reliable the security is on Firejail.

I've come across a lot of user opinions and articles saying how Firejail has a broad attack surface because it uses setuid.
Can you tell me why these users believe that it is not safe to use Firejail?
See: [here](https://www.exploit-db.com/exploits/43359) and [here](https://www.reddit.com/r/linux/comments/79mmzk/sandbox_your_applications_with_firejail/) - first comment.

My concerns and question relate a lot to [this](https://www.reddit.com/r/linux/comments/79mmzk/sandbox_your_applications_with_firejail/dp3tvzj/) user comment which no one bothered to answer.
Relating to that comment, is it possible that just using Firejail can actually create trouble for you rather than not using it at all?
For example, is it possible that if using Skype on Ubuntu with Firejail, that Skype (without us knowing) can somehow find a way to use the elevated root privileges? (because that would be worrying)
Where and when would this "broad attack surface" actually become a problem? Only if another user knows you are using Firejail and targets you, or in some other scenario like if you use Firejail with a specific app?

Would appreciate your input, thanks

@Vincent43 commented on GitHub (Dec 19, 2018):

Those issues are applicable **outside** of jail, i.e. someone breaks into your system, finds you have firejail installed and uses it to escalate privileges (there aren't publicly known ways to do it atm). This isn't a typical threat scenario on single-user desktop systems where all valuable targets lie under the user's `$HOME` and root access isn't needed to do the harm. So at this point you already lost.

This is also where firejail comes in useful, as the security benefit of using firejail matters **inside** of jail. It will protect your `$HOME` and the rest of the system from being broken into in the first place for every app that is confined.

@chiraag-nataraj commented on GitHub (Jan 15, 2019):

I'm going to go ahead and close this as the question seems to have been answered. @oositP, please feel free to re-open if you feel your concerns were not sufficiently addressed.
