Package: firejail
Version: 0.9.68-3
Severity: important
Tags: upstream security
Forwarded: https://github.com/netblue30/firejail/issues/5010
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>

I spent some time figuring why I could not connect to the SNCF wifi portal, and then, after connecting with another web browser, getting DNS failures. After looking at /etc/resolv.conf by joining the sandbox with a shell, I could see that it had not been updated after the switch to a different wifi network.

Note: With my config, I had no issues when switching to the wifi hotspot of my phone, only with the SNCF wifi, probably because it filters UDP (making unbound unusable).

In addition to DNS failures, this could be a security issue in case the IP address of the DNS server was a local one, so that this IP address could become the one of some random user on the new network.

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 'stable-security'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.17.0-1-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=POSIX, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages firejail depends on:
ii  libapparmor1  3.0.4-2
ii  libc6         2.33-7
ii  libselinux1   3.3-1+b2

Versions of packages firejail recommends:
ii  firejail-profiles  0.9.68-3
ii  iproute2           5.17.0-2
ii  iptables           1.8.7-1
ii  xauth              1:1.1.1-1
ii  xdg-dbus-proxy     0.1.3-1
ii  xpra               3.1-1+b5
ii  xvfb               2:21.1.3-2+b1

firejail suggests no packages.

-- no debconf information

-- 
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
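
The check described in the report, as an added example that is not part of the original message or of firejail: it compares the host's current /etc/resolv.conf with the copy seen inside a sandbox and flags resolvers the sandbox still uses that are private or link-local, since such an address may belong to a different host on the new network. The function names and both sample files are constructed for illustration.

```python
import ipaddress


def nameservers(resolv_conf_text):
    """Return the nameserver addresses of a resolv.conf text, in file order."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split()
        # Skip blank lines, comments (# or ;) and other directives.
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        addr = fields[1].split("%", 1)[0]  # drop an IPv6 zone id if present
        try:
            servers.append(ipaddress.ip_address(addr))
        except ValueError:
            continue  # malformed entry, ignore it
    return servers


def stale_nameservers(host_text, sandbox_text):
    """List (address, reassignable) for resolvers only the sandbox still uses.

    reassignable is True for private or link-local addresses: they were only
    meaningful on the previous network and may now be held by another host.
    """
    current = set(nameservers(host_text))
    findings = []
    for ns in nameservers(sandbox_text):
        if ns in current:
            continue
        reassignable = (ns.is_private or ns.is_link_local) and not ns.is_loopback
        findings.append((str(ns), reassignable))
    return findings


# Constructed sample: host file after moving to a new wifi network.
HOST_AFTER_SWITCH = "# written by the network manager\nnameserver 10.101.0.1\n"
# Constructed sample: copy still seen inside a sandbox started earlier.
SANDBOX_COPY = "nameserver 192.168.43.1\nnameserver 9.9.9.9\n"

if __name__ == "__main__":
    for addr, reassignable in stale_nameservers(HOST_AFTER_SWITCH, SANDBOX_COPY):
        note = "private address, may now be another host" if reassignable else "stale"
        print(f"{addr}: {note}")
```

The sandbox copy can be read the way the report describes, by joining the sandbox (firejail's `--join` option) and printing /etc/resolv.conf.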