diff options
author | Reiner Herrmann <reiner@reiner-h.de> | 2020-07-29 20:16:16 +0200 |
---|---|---|
committer | Reiner Herrmann <reiner@reiner-h.de> | 2020-08-06 17:19:49 +0200 |
commit | 2c734d6350ad321fccbefc5ef0382199ac331b37 (patch) | |
tree | 9329a3ad1f27ced221266c94ee6c8755611801a8 /etc/profile-a-l/leafpad.profile | |
parent | Support to ingore a include foobar.inc (diff) | |
download | firejail-2c734d6350ad321fccbefc5ef0382199ac331b37.tar.gz firejail-2c734d6350ad321fccbefc5ef0382199ac331b37.tar.zst firejail-2c734d6350ad321fccbefc5ef0382199ac331b37.zip |
firejail: don't interpret output arguments after end-of-options tag
Firejail was parsing --output and --output-stderr options even after
the end-of-options separator ("--"), which would allow someone who
has control over command line options of the sandboxed application,
to write data to a specified file.
Fixes: CVE-2020-17367
Reported-by: Tim Starling <tstarling@wikimedia.org>
Diffstat (limited to 'etc/profile-a-l/leafpad.profile')
0 files changed, 0 insertions, 0 deletions