Re: Security
On 2022-01-27 21:44:07 -0600, Nicholas Geovanis wrote:
> On Wed, Jan 26, 2022, 12:39 PM Andrei POPESCU <andreimpopescu@gmail.com>
> wrote:
>
> > I'll use the opportunity to draw attention to DSA-5059-1, see e.g. this
> > article for details:
> >
> >
> > https://arstechnica.com/information-technology/2022/01/a-bug-lurking-for-12-years-gives-attackers-root-on-every-major-linux-distro/
> >
> > And please don't bother to reply with "there are no other users on this
> > system I should worry about", the bad guys could still find ways to get
> > in, e.g. via a compromised browser, regardless if you are behind a
> > firewall or not[1].

Running the browser in firejail should be sufficient as the profile
should disable pkexec, e.g.

$ firejail --profile=firefox ls
Reading profile /etc/firejail/firefox.profile
[...]
Error: execute permission denied for /usr/bin/pkexec
Error: no suitable pkexec executable found

> Servers don't have browsers installed on them, for exactly this reason.

Servers shouldn't have pkexec installed in the first place, anyway.

--
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
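
A check that follows from the two points in the message above (pkexec denied under the firejail profile, and pkexec not belonging on servers), as an added example that is not part of the original post. The helper name `pkexec_state` is hypothetical and the directory list is an assumption.

```shell
#!/bin/sh
# Added example: classify how exposed pkexec is in the current environment.
# pkexec_state is a hypothetical helper, not part of firejail or polkit.

# Print one word for the first pkexec found in the given directories:
#   absent   - no pkexec file in any of the directories
#   blocked  - the file exists but the current user cannot execute it
#   plain    - executable, but without the setuid bit
#   setuid   - executable and setuid, so it runs with its owner's privileges
pkexec_state() {
    for dir in "$@"; do
        f="$dir/pkexec"
        [ -e "$f" ] || continue
        if [ ! -x "$f" ]; then
            echo blocked
        elif [ -u "$f" ]; then
            echo setuid
        else
            echo plain
        fi
        return 0
    done
    echo absent
}

# Assumed default: the usual system binary directories.
pkexec_state /usr/bin /usr/sbin /bin /sbin
```

Running it once on the host and once inside the sandbox shows whether the profile changes the result.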