Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 31 |
1 files changed, 0 insertions, 31 deletions
@@ -63,35 +63,6 @@ Backup Video Channel: https://www.bitchute.com/profile/JSBsA1aoQVfW/ | |||
63 | 63 | ||
64 | We take security bugs very seriously. If you believe you have found one, please report it by emailing us at netblue30@protonmail.com | 64 | We take security bugs very seriously. If you believe you have found one, please report it by emailing us at netblue30@protonmail.com |
65 | 65 | ||
66 | ````` | ||
67 | Security Advisory - Feb 8, 2021 | ||
68 | |||
69 | Summary: A vulnerability resulting in root privilege escalation was discovered in | ||
70 | Firejail's OverlayFS code, | ||
71 | |||
72 | Versions affected: Firejail software versions starting with 0.9.30. | ||
73 | Long Term Support (LTS) Firejail branch is not affected by this bug. | ||
74 | |||
75 | Workaround: Disable overlayfs feature at runtime. | ||
76 | In a text editor open /etc/firejail/firejail.config file, and set "overlayfs" entry to "no". | ||
77 | |||
78 | $ grep overlayfs /etc/firejail/firejail.config | ||
79 | # Enable or disable overlayfs features, default enabled. | ||
80 | overlayfs no | ||
81 | |||
82 | Fix: The bug is fixed in Firejail version 0.9.64.4 | ||
83 | |||
84 | GitHub commit: (file configure.ac) | ||
85 | https://github.com/netblue30/firejail/commit/97d8a03cad19501f017587cc4e47d8418273834b | ||
86 | |||
87 | Credit: Security researcher Roman Fiedler analyzed the code and discovered the vulnerability. | ||
88 | Functional PoC exploit code was provided to Firejail development team. | ||
89 | A description of the problem is here on Roman's blog: | ||
90 | |||
91 | https://unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt | ||
92 | https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-local-root/ | ||
93 | ````` | ||
94 | |||
95 | ## Installing | 66 | ## Installing |
96 | 67 | ||
97 | ### Debian | 68 | ### Debian |
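Review bot: Deleting old lines 66-94 removes the only place in this README that records the affected range (versions starting with 0.9.30), the fixed release (0.9.64.4), and the `overlayfs no` workaround in /etc/firejail/firejail.config, and the diffstat shows no insertions to replace it. Users still running a release older than 0.9.64.4 lose the pointer to the mitigation. Consider keeping a one-line reference under the security contact paragraph at line 64 that names the fixed version and links to wherever the full advisory text is being kept, or moving the advisory into a dedicated file in the same commit rather than dropping it outright.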
@@ -134,8 +105,6 @@ See the following discussions for details: | |||
134 | 105 | ||
135 | Firejail is included in a large number of Linux distributions. | 106 | Firejail is included in a large number of Linux distributions. |
136 | 107 | ||
137 | Note: The firejail 0.9.52-LTS version is deprecated. | ||
138 | |||
139 | You can also install one of the [released packages](http://sourceforge.net/projects/firejail/files/firejail), or clone Firejail’s source code from our Git repository and compile manually: | 108 | You can also install one of the [released packages](http://sourceforge.net/projects/firejail/files/firejail), or clone Firejail’s source code from our Git repository and compile manually: |
140 | 109 | ||
141 | ````` | 110 | ````` |
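Review bot: The removed note at old line 137 was the only statement in this section about the status of 0.9.52-LTS, and it sits directly under the sentence saying Firejail is included in a large number of Linux distributions, where readers who get an older packaged build would look for it. If the LTS version is still deprecated, keep the note or replace it with a short statement of which versions are supported. If it is being removed because it no longer applies, say so in the commit message so the reason is on record.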