Bug 205: OPEN
Update firejail package
Date: 2018-10-27 - Creator: Ed - Priority critical - 3 messages
The firejail package is severely out of date, which is a bit unfortunate for a SUID program. There have been quite a bunch of CVEs since 0.9.34, and I'm unsure how many fixes have been backported by the maintainers. But there is now a fresh LTS version (0.9.56-LTS) with two years of announced support, and it builds and runs just fine.

I needed linux-api-headers for building, and had to comment out the following lines in /etc/firejail/disable-common.inc for running (I would suggest patching this in the package):

blacklist ${PATH}/crontabs
blacklist ${PATH}/nc
blacklist ${PATH}/su

Best regards,
Ed
Affected package(s): firejail
Messages
By: Ed on 2018-10-28 02:46
Investigating further, there exists a compile-time flag, --enable-busybox-workaround. This fixes most of these problems with blacklist, unfortunately with the exception of crontabs. So there is still a need for a manual patch.
By: Ed on 2018-10-28 03:13
Upstream patch: https://github.com/netblue30/firejail/commit/b18f13d0536ff33b9bdbc8ea59d533fef74f7e0f
By: hgt on 2022-06-14 16:44
Meanwhile firejail-0.9.68 is in the repository. Can this bug report be closed?