diff options
Diffstat (limited to 'etc-fixes/seccomp-join-bug')
| -rw-r--r-- | etc-fixes/seccomp-join-bug/README | 11 | ||||
| -rw-r--r-- | etc-fixes/seccomp-join-bug/eecf35c-backports.zip | bin | 0 -> 10472 bytes |
2 files changed, 11 insertions, 0 deletions
diff --git a/etc-fixes/seccomp-join-bug/README b/etc-fixes/seccomp-join-bug/README new file mode 100644 index 000000000..9f85a0e00 --- /dev/null +++ b/etc-fixes/seccomp-join-bug/README | |||
| @@ -0,0 +1,11 @@ | |||
| 1 | These are patches for various Firejail versions for the security bug reported by Austin Morton | ||
| 2 | on May 21, 2019: | ||
| 3 | |||
| 4 | Seccomp filters are copied into /run/firejail/mnt, and are writable | ||
| 5 | within the jail. A malicious process can modify files from inside the | ||
| 6 | jail. Processes that are later joined to the jail will not have seccomp | ||
| 7 | filters applied. | ||
| 8 | |||
| 9 | The original discussion thread: https://github.com/netblue30/firejail/issues/2718 | ||
| 10 | The fix on mainline: https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134 | ||
| 11 | |||
diff --git a/etc-fixes/seccomp-join-bug/eecf35c-backports.zip b/etc-fixes/seccomp-join-bug/eecf35c-backports.zip new file mode 100644 index 000000000..59782461e --- /dev/null +++ b/etc-fixes/seccomp-join-bug/eecf35c-backports.zip | |||
| Binary files differ | |||