[PR #599] [MERGED] cpio sandbox profile for decompression #3678

New issue

Closed

opened 2026-05-05 10:05:53 -06:00 by gitea-mirror · 0 comments

gitea-mirror commented

2026-05-05 10:05:53 -06:00

Owner

📋 Pull Request Information

Original PR: https://github.com/netblue30/firejail/pull/599
Author: @jaykishanmutkawoa
Created: 6/25/2016
Status: ✅ Merged
Merged: 6/27/2016
Merged by: @netblue30

Base: master ← Head: master

📝 Commits (2)

82ebb6b cpio sandbox profile for decompression
135b323 sandbox profile for CPIO

📊 Changes

1 file changed (+8 additions, -0 deletions)

View changed files

➕ etc/cpio.profile (+8 -0)

📄 Description

For decompression purposes, this will allows CPIO to execute in a sandbox environment.
FYI, according to CVE 2016-2037, the cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.
Other vulnerabilities listed are:
https://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-5080/GNU-Cpio.html

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/netblue30/firejail/pull/599 **Author:** [@jaykishanmutkawoa](https://github.com/jaykishanmutkawoa) **Created:** 6/25/2016 **Status:** ✅ Merged **Merged:** 6/27/2016 **Merged by:** [@netblue30](https://github.com/netblue30) **Base:** `master` ← **Head:** `master` --- ### 📝 Commits (2) - [`82ebb6b`](https://github.com/netblue30/firejail/commit/82ebb6b943cb8b9ad1de1109ae93629e95d17492) cpio sandbox profile for decompression - [`135b323`](https://github.com/netblue30/firejail/commit/135b32363fe676f05684b3a152da3c6110f65770) sandbox profile for CPIO ### 📊 Changes **1 file changed** (+8 additions, -0 deletions) <details> <summary>View changed files</summary> ➕ `etc/cpio.profile` (+8 -0) </details> ### 📄 Description For decompression purposes, this will allows CPIO to execute in a sandbox environment. FYI, according to CVE 2016-2037, the cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file. Other vulnerabilities listed are: https://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-5080/GNU-Cpio.html --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

gitea-mirror

2026-05-05 10:05:53 -06:00

closed this issue
added the
pull-request
label

gitea-mirror referenced this issue

2026-05-05 10:53:23 -06:00

[PR #6951] [MERGED] feature: add env-max-count / env-max-len to firejail.config #6243

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#3678

No description provided.

Rows
Columns