firejail: CVE-2019-12589: seccomp bypass when joining jails

Related Vulnerabilities: CVE-2019-12589  

Debian Bug report logs - #929732

Reported by: Reiner Herrmann <reiner@reiner-h.de>

Date: Wed, 29 May 2019 16:51:01 UTC

Severity: critical

Tags: fixed-upstream, security, upstream

Found in version firejail/0.9.52-1

Fixed in version firejail/0.9.58.2-2

Done: Reiner Herrmann <reiner@reiner-h.de>

Forwarded to https://github.com/netblue30/firejail/issues/2718



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org:
Bug#929732; Package src:firejail. (Wed, 29 May 2019 16:51:04 GMT)


Acknowledgement sent to Reiner Herrmann <reiner@reiner-h.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org. (Wed, 29 May 2019 16:51:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Reiner Herrmann <reiner@reiner-h.de>
To: submit@bugs.debian.org
Subject: firejail: seccomp bypass when joining jails
Date: Wed, 29 May 2019 18:42:31 +0200
Source: firejail
Version: 0.9.52-1
Severity: critical
Tags: security upstream pending fixed-upstream
Forwarded: https://github.com/netblue30/firejail/issues/2718
X-Debbugs-CC: team@security.debian.org

A bug in firejail allows bypassing seccomp protection when
an existing jail is joined with another one [2].

Upstream description [0]:
> Seccomp filters are copied into /run/firejail/mnt, and are writable
> within the jail. A malicious process can modify files from inside the
> jail. Processes that are later joined to the jail will not have seccomp
> filters applied.

A fix is available [1] and also released in the new upstream version 0.9.60.
I will upload a backported fix to 0.9.58.2-1 to unstable soon.

The earliest acknowledged version that is affected is 0.9.52 (upstream
provides a patch for this version in [0]), but likely earlier versions
are affected as well.

According to [2], a CVE number has been requested.

[0] https://github.com/netblue30/firejail/commit/30f6000e72bd8d9eee6a0d2e700d69ed9be3aa29
[1] https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134
[2] https://github.com/netblue30/firejail/issues/2718

Reply sent to Reiner Herrmann <reiner@reiner-h.de>:
You have taken responsibility. (Wed, 29 May 2019 19:36:03 GMT)


Notification sent to Reiner Herrmann <reiner@reiner-h.de>:
Bug acknowledged by developer. (Wed, 29 May 2019 19:36:03 GMT)
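
A defender-side check for the condition described in this report, as an added example that is not part of the bug log or of firejail's code: it reads the `Seccomp:` field of `/proc/<pid>/status` (0 = off, 1 = strict, 2 = filter) for processes in a jail and sanity-checks a filter file's stat fields. The function names, the permission policy and the sample data are assumptions constructed for the example.

```python
import stat

SOCK_FILTER_SIZE = 8  # sizeof(struct sock_filter): u16 code, u8 jt, u8 jf, u32 k

def seccomp_mode(status_text):
    """Seccomp mode from /proc/<pid>/status text, or None if the field is absent."""
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "Seccomp":  # exact match, so "Seccomp_filters" is skipped
            return int(value.strip())
    return None

def unfiltered_pids(status_by_pid):
    """PIDs whose status does not report seccomp filter mode (2)."""
    return sorted(p for p, text in status_by_pid.items() if seccomp_mode(text) != 2)

def audit_filter_file(mode, size, owner_uid):
    """Problems with one filter file, given st_mode, st_size and st_uid.

    Policy assumed by this example (not taken from firejail's fix): regular
    file, owned by root, no group/other write bit, non-empty, whole number of
    BPF instructions.
    """
    problems = []
    if not stat.S_ISREG(mode):
        problems.append("not a regular file")
    if owner_uid != 0:
        problems.append("not owned by root")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable by group or other")
    if size == 0:
        problems.append("empty (truncated) filter")
    elif size % SOCK_FILTER_SIZE:
        problems.append("size is not a whole number of BPF instructions")
    return problems

# Constructed sample: two processes in one jail, the second joined later.
SAMPLE_STATUS = {
    4242: "Name:\tbash\nPid:\t4242\nSeccomp:\t2\nSeccomp_filters:\t3\n",
    4300: "Name:\tsh\nPid:\t4300\nSeccomp:\t0\n",
}

if __name__ == "__main__":
    import os, sys
    # Usage: script.py PID [PID ...] to check live processes on the host.
    live = {int(p): open(f"/proc/{p}/status").read() for p in sys.argv[1:]}
    print("unfiltered:", unfiltered_pids(live or SAMPLE_STATUS))
    for path in sys.argv[1:] and []:  # filter paths are site-specific; none assumed
        st = os.stat(path); print(path, audit_filter_file(st.st_mode, st.st_size, st.st_uid))
```
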


Message #10 received at 929732-close@bugs.debian.org:

From: Reiner Herrmann <reiner@reiner-h.de>
To: 929732-close@bugs.debian.org
Subject: Bug#929732: fixed in firejail 0.9.58.2-2
Date: Wed, 29 May 2019 19:33:31 +0000
Source: firejail
Source-Version: 0.9.58.2-2

We believe that the bug you reported is fixed in the latest version of
firejail, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 929732@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Reiner Herrmann <reiner@reiner-h.de> (supplier of updated firejail package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 May 2019 21:06:42 +0200
Source: firejail
Architecture: source
Version: 0.9.58.2-2
Distribution: unstable
Urgency: high
Maintainer: Reiner Herrmann <reiner@reiner-h.de>
Changed-By: Reiner Herrmann <reiner@reiner-h.de>
Closes: 929732 929733
Changes:
 firejail (0.9.58.2-2) unstable; urgency=high
 .
   * Cherry-pick security fix for seccomp bypass issue. (Closes: #929732)
     Seccomp filters were writable inside the jail, so they could be
     overwritten/truncated. Another jail that was then joined with the first
     one, had no seccomp filters applied.
   * Cherry-pick security fix for binary truncation issue. (Closes: #929733)
     When the jailed program was running as root, and firejail was killed
     from the outside (as root), the jailed program had the possibility to
     truncate the firejail binary outside the jail.




Changed Bug title to 'firejail: CVE-2019-12589: seccomp bypass when joining jails' from 'firejail: seccomp bypass when joining jails'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 03 Jun 2019 05:24:05 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:41:39 2019; Machine Name: buxtehude
