seccomp-join-bug
Folders and files
Name | Name | Last commit date | ||
---|---|---|---|---|
parent directory.. | ||||
These are patches for various Firejail versions for the security bug reported by Austin Morton on May 21, 2019: Seccomp filters are copied into /run/firejail/mnt, and are writable within the jail. A malicious process can modify files from inside the jail. Processes that are later joined to the jail will not have seccomp filters applied. The original discussion thread: #2718 The fix on mainline: https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134