firejail: don't pass command line through shell when redirecting output - firejail - Mirror of https://github.com/netblue30/firejail

diff options

author	Reiner Herrmann <reiner@reiner-h.de>	2020-07-29 20:22:52 +0200
committer	Reiner Herrmann <reiner@reiner-h.de>	2020-08-06 17:21:14 +0200
commit	34193604fed04cad2b7b6b0f1a3a0428afd9ed5b (patch)
tree	3be2dd9d6e879eda9639242e6ce9fe434b89b789 /src/include/common.h
parent	firejail: don't interpret output arguments after end-of-options tag (diff)
download	firejail-34193604fed04cad2b7b6b0f1a3a0428afd9ed5b.tar.gz firejail-34193604fed04cad2b7b6b0f1a3a0428afd9ed5b.tar.zst firejail-34193604fed04cad2b7b6b0f1a3a0428afd9ed5b.zip

firejail: don't pass command line through shell when redirecting output

When redirecting output via --output or --output-stderr, firejail was concatenating all command line arguments into a single string that was passed to a shell. As the arguments were no longer escaped, the shell was able to interpret them. Someone who has control over the command line arguments of the sandboxed application could use this to run arbitrary other commands. Instead of passing it through a shell for piping the output to ftee, the pipeline is now manually created and the processes are executed directly. Fixes: CVE-2020-17368 Reported-by: Tim Starling <tstarling@wikimedia.org>

Diffstat (limited to 'src/include/common.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: