diff options
Diffstat (limited to 'etc-fixes')
-rw-r--r-- | etc-fixes/seccomp-join-bug/README | 11 | ||||
-rw-r--r-- | etc-fixes/seccomp-join-bug/eecf35c-backports.zip | bin | 0 -> 10472 bytes |
2 files changed, 11 insertions, 0 deletions
diff --git a/etc-fixes/seccomp-join-bug/README b/etc-fixes/seccomp-join-bug/README new file mode 100644 index 000000000..9f85a0e00 --- /dev/null +++ b/etc-fixes/seccomp-join-bug/README | |||
@@ -0,0 +1,11 @@ | |||
1 | These are patches for various Firejail versions for the security bug reported by Austin Morton | ||
2 | on May 21, 2019: | ||
3 | |||
4 | Seccomp filters are copied into /run/firejail/mnt, and are writable | ||
5 | within the jail. A malicious process can modify files from inside the | ||
6 | jail. Processes that are later joined to the jail will not have seccomp | ||
7 | filters applied. | ||
8 | |||
9 | The original discussion thread: https://github.com/netblue30/firejail/issues/2718 | ||
10 | The fix on mainline: https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134 | ||
11 | |||
diff --git a/etc-fixes/seccomp-join-bug/eecf35c-backports.zip b/etc-fixes/seccomp-join-bug/eecf35c-backports.zip new file mode 100644 index 000000000..59782461e --- /dev/null +++ b/etc-fixes/seccomp-join-bug/eecf35c-backports.zip | |||
Binary files differ | |||