docs: mention risk of SUID binaries and also firejail-users(5)
People might assume (and have assumed) that firejail can be executed by
any user by default, which makes the SUID issue seem more encompassing
than it is.

So on the introduction of firejail(1), mention the main risk of SUID
binaries and that by default, only the root user is allowed to run
firejail (and also how to allow more users).

Suggested by @emerajid on #5288.

Relates to #4601.
kmk3 committed Aug 3, 2022
1 parent 74b5d24 commit e076cc0
Showing 1 changed file with 11 additions and 0 deletions.
11 changes: 11 additions & 0 deletions src/man/firejail.txt
Expand Up @@ -68,6 +68,17 @@ Each profile defines a set of permissions for a specific application or group
of applications. The software includes security profiles for a number of more common
Linux programs, such as Mozilla Firefox, Chromium, VLC, Transmission etc.
.PP
Firejail is currently implemented as an SUID binary, which means that if a
malicious or compromised user account manages to exploit a bug in Firejail,
that could ultimately lead to a privilege escalation to root.
To mitigate this, by default only the root user is allowed to run Firejail.
To allow more users, see firejail-users(5).
For more details on the security/usability tradeoffs of Firejail, see the
following discussion:
.UR https://github.com/netblue30/firejail/discussions/4601
#4601
.UE
.PP
Alternative sandbox technologies like snap (https://snapcraft.io/) and flatpak (https://flatpak.org/)
are not supported. Snap and flatpak packages have their own native management tools and will
not work when sandboxed with Firejail.
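Review bot: the new paragraph explains the mitigation (root only by default) but not that every account added through firejail-users(5) is then exposed to exactly the privilege-escalation risk the first sentence describes, so an administrator reading this hunk may not realise that allowing a user is a trust decision. Consider one extra sentence after "To allow more users, see firejail-users(5).", e.g. "Any user permitted to run Firejail should be trusted to the same degree as a user who could exploit such a bug, so grant access sparingly." The .UR/.UE block is fine, but the bare link text "#4601" reads better as "discussion #4601" in rendered output.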