[ User ] Login

Bug 205: OPEN

Update firejail package

Date: 2018-10-27 - Creator: Ed - Priority critical - 2 messages

The firejail package is severely out of date, which is a bit unfortunate for a 
SUID program. There have been quite a bunch of CVE's since 0.9.34, and 
I'm unsure how many fixes have been backported by the maintainers.

But there is now a fresh LTS version (0.9.56-LTS) with announced two years of 
support, and it builds and runs just fine.

I needed linux-api-headers for building, and had to comment out the following 
lines in /etc/firejail/disable-common.inc for running (I would suggest to patch 
this in the package):
blacklist ${PATH}/crontabs
blacklist ${PATH}/nc
blacklist ${PATH}/su

Best regards, Ed

Affected package(s): firejail

Messages

By: Ed on 2018-10-28 02:46

Investigating further, there exists a compile time flag 
--enable-busybox-workaround.

This fixes most of these problems with blacklist, unfortunately with exception 
of crontabs. So there is still a need for a manual patch.

By: Ed on 2018-10-28 03:13

Upstream patch: 
https://github.com/netblue30/firejail/commit/b18f13d0536ff33b9bdbc8ea59d533fef74
f7e0f