diff options
author | Reiner Herrmann <reiner@reiner-h.de> | 2020-07-29 20:22:52 +0200 |
---|---|---|
committer | Reiner Herrmann <reiner@reiner-h.de> | 2020-08-06 17:21:14 +0200 |
commit | 34193604fed04cad2b7b6b0f1a3a0428afd9ed5b (patch) | |
tree | 3be2dd9d6e879eda9639242e6ce9fe434b89b789 /test/fs/mkdir.exp | |
parent | firejail: don't interpret output arguments after end-of-options tag (diff) | |
download | firejail-34193604fed04cad2b7b6b0f1a3a0428afd9ed5b.tar.gz firejail-34193604fed04cad2b7b6b0f1a3a0428afd9ed5b.tar.zst firejail-34193604fed04cad2b7b6b0f1a3a0428afd9ed5b.zip |
firejail: don't pass command line through shell when redirecting output
When redirecting output via --output or --output-stderr, firejail was
concatenating all command line arguments into a single string
that was passed to a shell. As the arguments were no longer escaped,
the shell was able to interpret them.
Someone who has control over the command line arguments of the
sandboxed application could use this to run arbitrary other commands.
Instead of passing it through a shell for piping the output to ftee,
the pipeline is now manually created and the processes are executed
directly.
Fixes: CVE-2020-17368
Reported-by: Tim Starling <tstarling@wikimedia.org>
Diffstat (limited to 'test/fs/mkdir.exp')
0 files changed, 0 insertions, 0 deletions