On 7/7/26 9:23 AM, Aaron Rainbolt wrote:
This does not work. Someone did*exactly* this and I was able to
leverage it to escape sandboxes (vuln report is under embargo at the
moment). When you use a binfmt-misc handler, then when the sandboxed
executable tries to run the program, the kernel runs it*in* the
sandbox. When you use a MIME handler that gates access on the
executable bit, where the handler executes outside of the sandbox,
then when the sandboxed executable calls the MIME handler on a
marked-executable file, the file runs outside of (and thus escapes)
the sandbox.

Fedora double-dips. We register both as a binfmt-misc handler (only when you have wine-systemd installed) and via the upstream .desktop files.

I'm watching this thread but I don't have any suggestions at this time. My first impression is why does Flatpak change namespace/scope when performing MIME operations, but I don't know enough about the architecture to know why.

--
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://forge.fedoraproject.org/infra/tickets/issues/new

Reply via email to