HomePhabricator

SECURITY: Prevent invoking firejail's --output functionality

Description

SECURITY: Prevent invoking firejail's --output functionality

firejail has an RCE in its handling of --output when dealing with untrusted
arguments (CVE-2020-17367 and CVE-2020-17368). We can avoid this issue by
preventing shelling out to firejail if any parameter starts with '--output'.

Bug: T258763
Change-Id: Ic6a5644566a51a948de7b42daf57b29ced3daff4

Details

Provenance
LegoktmAuthored on Jul 24 2020, 12:27 AM
ReedyCommitted on Sep 24 2020, 3:24 PM
Parents
rMWad21a02e1633: SECURITY: Unescaped message used in HTML within LogEventsList
Branches
Unknown
Tags
Unknown
ChangeId
Ic6a5644566a51a948de7b42daf57b29ced3daff4