[GH-ISSUE #528] security issues disclosure #371

New issue

Closed

opened 2026-05-05 05:42:26 -06:00 by gitea-mirror · 18 comments

gitea-mirror commented 2026-05-05 05:42:26 -06:00

Owner

Copy link

Originally created by @vn971 on GitHub (May 20, 2016).
Original GitHub issue: https://github.com/netblue30/firejail/issues/528

There is currently no official way to disclose security issues in firejail. Since firejail is SUID and is a security tool, a disclosure channel might become very appropriate in time.

The goal of a security disclosure channel is to make fixing patches closer in time to deployment time. (By removing the gap where an issue is publicly known but no patch exist yet.)

Example solution:
an official email and GPG public key so that people can send encrypted mails.

Originally created by @vn971 on GitHub (May 20, 2016). Original GitHub issue: https://github.com/netblue30/firejail/issues/528 There is currently no official way to disclose security issues in firejail. Since firejail is SUID and is a security tool, a disclosure channel might become very appropriate in time. The goal of a security disclosure channel is to make fixing patches closer in time to deployment time. (By removing the gap where an issue is publicly known but no patch exist yet.) Example solution: an official email and GPG public key so that people can send encrypted mails.

gitea-mirror closed this issue 2026-05-05 05:42:28 -06:00

gitea-mirror commented 2026-05-05 05:42:33 -06:00

Author

Owner

Copy link

@netblue30 commented on GitHub (May 20, 2016):

Send an email to netblue30@yahoo.com , no GPG, just keep it simple. Maybe I can open an email list where I disclose important security fixes so people can update the software.

<!-- gh-comment-id:220595401 --> @netblue30 commented on GitHub (May 20, 2016): Send an email to netblue30@yahoo.com , no GPG, just keep it simple. Maybe I can open an email list where I disclose important security fixes so people can update the software.

gitea-mirror commented 2026-05-05 05:42:35 -06:00

Author

Owner

Copy link

@vn971 commented on GitHub (May 20, 2016):

For the time being, OK. If firejail grows, I'd still advise to use GPG. It's the "Enigmail" plugin if you use thunderbird, for example.

Anyway, closing the ticket for now.

<!-- gh-comment-id:220597042 --> @vn971 commented on GitHub (May 20, 2016): For the time being, OK. If firejail grows, I'd still advise to use GPG. It's the "Enigmail" plugin if you use thunderbird, for example. Anyway, closing the ticket for now.

gitea-mirror commented 2026-05-05 05:42:38 -06:00

Author

Owner

Copy link

@vn971 commented on GitHub (May 20, 2016):

"Firejail-security mailing list" sounds good, especially if it's not a google one.

<!-- gh-comment-id:220597309 --> @vn971 commented on GitHub (May 20, 2016): "Firejail-security mailing list" sounds good, especially if it's not a google one.

gitea-mirror commented 2026-05-05 05:42:40 -06:00

Author

Owner

Copy link

@netblue30 commented on GitHub (May 23, 2016):

Can you suggest a mailing list? The only one I used so far was google.

<!-- gh-comment-id:221036719 --> @netblue30 commented on GitHub (May 23, 2016): Can you suggest a mailing list? The only one I used so far was google.

gitea-mirror commented 2026-05-05 05:42:42 -06:00

Author

Owner

Copy link

@reinerh commented on GitHub (May 23, 2016):

Sourceforge has mailing lists. But I guess you no longer want to use it.

<!-- gh-comment-id:221037532 --> @reinerh commented on GitHub (May 23, 2016): Sourceforge has mailing lists. But I guess you no longer want to use it.

gitea-mirror commented 2026-05-05 05:42:44 -06:00

Author

Owner

Copy link

@netblue30 commented on GitHub (May 23, 2016):

For sure I can use it, it is already there, I just have to enable it. Thanks.

<!-- gh-comment-id:221049971 --> @netblue30 commented on GitHub (May 23, 2016): For sure I can use it, it is already there, I just have to enable it. Thanks.

gitea-mirror commented 2026-05-05 05:42:45 -06:00

Author

Owner

Copy link

@vn971 commented on GitHub (May 23, 2016):

Offtopic: I did send a report to the official mail address, the same day this issue was opened.

<!-- gh-comment-id:221056024 --> @vn971 commented on GitHub (May 23, 2016): Offtopic: I did send a report to the official mail address, the same day this issue was opened.

gitea-mirror commented 2026-05-05 05:42:48 -06:00

Author

Owner

Copy link

@vn971 commented on GitHub (May 23, 2016):

Note that "disclosure" and "news announcement" are very different things.
I wanted to address "disclosure" in this issue, meaning letting the main developer know about issues (but not letting others know, yet).

<!-- gh-comment-id:221061011 --> @vn971 commented on GitHub (May 23, 2016): Note that "disclosure" and "news announcement" are very different things. I wanted to address "disclosure" in this issue, meaning letting the main developer know about issues (but not letting others know, yet).

gitea-mirror commented 2026-05-05 05:42:50 -06:00

Author

Owner

Copy link

@requiredregistration commented on GitHub (May 23, 2016):

there is no need for mailing lists and forums. we have the issues tracker here.

e-mail cryptography is important and it would be good to have your setup ready for it. you will still be able to receive non-encrypted e-mails. read this for a quick start.

in the 'release notes' we will learn about solved security problems.

<!-- gh-comment-id:221097160 --> @requiredregistration commented on GitHub (May 23, 2016): there is no need for mailing lists and forums. we have the issues tracker here. e-mail cryptography is important and it would be good to have your setup ready for it. you will still be able to receive non-encrypted e-mails. read [this](https://en.wikipedia.org/wiki/GNU_Privacy_Guard#Application_support) for a quick start. in the 'release notes' we will learn about solved security problems.

gitea-mirror commented 2026-05-05 05:42:52 -06:00

Author

Owner

Copy link

@vn971 commented on GitHub (Aug 2, 2016):

@netblue30 any updates on the security issue I wrote to netblue30@yahoo.com ?
I've had some inconveniences because of this today, will be happy to hear any news. Did you get the e-mail / acknowledged what I write?

<!-- gh-comment-id:237047953 --> @vn971 commented on GitHub (Aug 2, 2016): @netblue30 any updates on the security issue I wrote to netblue30@yahoo.com ? I've had some inconveniences because of this today, will be happy to hear any news. Did you get the e-mail / acknowledged what I write?

gitea-mirror commented 2026-05-05 05:42:54 -06:00

Author

Owner

Copy link

@netblue30 commented on GitHub (Aug 3, 2016):

OOPS! I've just found it, sorry for that. The message is form May 20, with ~/deletme. Is this right?

<!-- gh-comment-id:237223544 --> @netblue30 commented on GitHub (Aug 3, 2016): OOPS! I've just found it, sorry for that. The message is form May 20, with ~/deletme. Is this right?

gitea-mirror commented 2026-05-05 05:42:56 -06:00

Author

Owner

Copy link

@vn971 commented on GitHub (Aug 3, 2016):

@netblue30 Yup, that's the one. ("deleteme".)

<!-- gh-comment-id:237268919 --> @vn971 commented on GitHub (Aug 3, 2016): @netblue30 Yup, that's the one. ("deleteme".)

gitea-mirror commented 2026-05-05 05:42:59 -06:00

Author

Owner

Copy link

@netblue30 commented on GitHub (Aug 3, 2016):

I have no idea how I managed to miss it, I'll bring in a fix shortly, thanks!

<!-- gh-comment-id:237381367 --> @netblue30 commented on GitHub (Aug 3, 2016): I have no idea how I managed to miss it, I'll bring in a fix shortly, thanks!

gitea-mirror commented 2026-05-05 05:43:02 -06:00

Author

Owner

Copy link

@vn971 commented on GitHub (Aug 4, 2016):

@netblue30 no problem. I guess you have lots of tickets/comments each weak. Will be waiting, thanks.

<!-- gh-comment-id:237483077 --> @vn971 commented on GitHub (Aug 4, 2016): @netblue30 no problem. I guess you have lots of tickets/comments each weak. Will be waiting, thanks.

gitea-mirror commented 2026-05-05 05:43:04 -06:00

Author

Owner

Copy link

@netblue30 commented on GitHub (Aug 5, 2016):

Fixed. It was the ugliest bug so far, thanks!

<!-- gh-comment-id:237839850 --> @netblue30 commented on GitHub (Aug 5, 2016): Fixed. It was the ugliest bug so far, thanks!

gitea-mirror commented 2026-05-05 05:43:05 -06:00

Author

Owner

Copy link

@vn971 commented on GitHub (Aug 5, 2016):

@netblue30 hey, I want a badge then: "found the ugliest bug so far". Just kiddin.:)
Thanks!

<!-- gh-comment-id:237925946 --> @vn971 commented on GitHub (Aug 5, 2016): @netblue30 hey, I want a badge then: "found the ugliest bug so far". Just kiddin.:) Thanks!

gitea-mirror commented 2026-05-05 05:43:07 -06:00

Author

Owner

Copy link

@vn971 commented on GitHub (Aug 5, 2016):

Or maybe "mails a new issue every friday". (I've created one other now.)

<!-- gh-comment-id:237926861 --> @vn971 commented on GitHub (Aug 5, 2016): Or maybe "mails a new issue every friday". (I've created one other now.)

gitea-mirror commented 2026-05-05 05:43:08 -06:00

Author

Owner

Copy link

@netblue30 commented on GitHub (Aug 7, 2016):

found the ugliest bug so far

Just take a look in the README file :)

<!-- gh-comment-id:238056361 --> @netblue30 commented on GitHub (Aug 7, 2016): > found the ugliest bug so far Just take a look in the README file :)

gitea-mirror referenced this issue 2026-05-05 10:04:30 -06:00

[PR #371] [MERGED] fs_etc: continue to copy files if one fails. #3606

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

serialize_remounts_v2

landlock_v4

landlock

release-0.9.64

release-0.9.62

gitlab_ci

LTSbase

fred_ctests

docs

0.9.80

0.9.80-rc1

0.9.78

0.9.76

0.9.76-rc4

0.9.76-rc3

0.9.76-rc2

0.9.76-rc1

0.9.74

landlock-split

0.9.72

0.9.72rc1

0.9.70

0.9.68

0.9.68rc1

0.9.66

0.9.66rc1

0.9.64.4

0.9.64.2

0.9.64

0.9.64rc1

0.9.62.4

0.9.62.2

0.9.62

0.9.56.2-LTS

0.9.60

0.9.60-rc1

0.9.58.2

0.9.58

0.9.58-rc1

0.9.56-LTS-release

0.9.56-LTS

0.9.56

0.9.56-rc1

0.9.54

0.9.54-rc2

0.9.54-rc1

0.9.52

0.9.38.12

0.9.50

0.9.50-rc1

0.9.48

0.9.46

0.9.46-rc1

0.9.44.10

0.9.44.8

0.9.44.6

0.9.38.10

0.9.44.4

0.9.38.8

0.9.44.2

0.9.44

0.9.44-rc1

0.9.38.4

0.9.42

0.9.42-rc2

0.9.38.2

0.9.42-rc1

disable-globalcfg

0.9.40

0.9.40-rc1

0.9.38

0.9.38-rc1

0.9.36

0.9.36-rc1

0.9.34

0.9.34-rc1

0.9.32

0.9.32-rc1

0.9.30

0.9.30-rc1

Labels

Clear labels   

LTS merge

  

LTS merge

  

bug

  

bug

  

converted-to-discussion

  

doc-todo

  

documentation

  

duplicate

  

enhancement

  

file-transfer

  

firecfg

  

firejail-in-firejail

  

firetools

  

graphics

  

help wanted

  

information_old

  

installation

  

invalid

  

modif

  

moved

  

needinfo

  

networking

  

notabug

  

notourbug

  

old-version

  

overlayfs

  

packaging

  

profile-request

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question_old

  

removal

  

runtime-permissions

  

sandbox-ipc

  

security

  

stale

  

wiki

  

wiki

  

wontfix

  

wordpress

  

workaround

No labels

LTS merge

LTS merge

bug

bug

converted-to-discussion

doc-todo

documentation

duplicate

enhancement

file-transfer

firecfg

firejail-in-firejail

firetools

graphics

help wanted

information_old

installation

invalid

modif

moved

needinfo

networking

notabug

notourbug

old-version

overlayfs

packaging

profile-request

pull-request

question

question_old

removal

runtime-permissions

sandbox-ipc

security

stale

wiki

wiki

wontfix

wordpress

workaround

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#371

No description provided.