Bug 604758 (CVE-2017-5180, CVE-2017-5206, CVE-2017-5207) - <sys-apps/{firejail-,firejail-lts-}: root privilege escalation (CVE-2017-{5180,5206,5207})
Summary: <sys-apps/{firejail-,firejail-lts-}: root privilege escalatio...
Alias: CVE-2017-5180, CVE-2017-5206, CVE-2017-5207
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
Whiteboard: B1 [glsa cve]
Duplicates: 605296
Depends on:
Reported: 2017-01-05 14:43 UTC by Thomas Deutschmann (RETIRED)
Modified: 2017-01-24 11:33 UTC

See Also:
Package list:
=sys-apps/firejail- =sys-apps/firejail-lts-
Runtime testing required: ---
stable-bot: sanity-check+


Description Thomas Deutschmann (RETIRED) gentoo-dev 2017-01-05 14:43:00 UTC
CVE-2017-5180 (local root exploit), which relies on the X11
sandboxing features to overwrite an arbitrary file:
it makes ${SANDBOX_HOME}/.Xauthority be a symlink to the target file,
and writes the desired content in ~/.Xauthority.


 * Analysis: Sandboxing is cool, but it has to be done right.
 * Firejail has too broad attack surface that allows users
 * to specify a lot of options, where one of them eventually
 * broke by accessing user-files while running with euid 0.
 * There are some other similar races. Turns out that it can be
 * _very difficult_ to create a generic sandbox suid wrapper that's
 * secure but still flexible enough to sandbox arbitrary binaries.

See for first (incomplete) fix.
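
The failure mode described above is a process running with euid 0 opening a user-controlled path that the user has replaced with a symlink. The following C code is an added example, not part of this bug report and not firejail's code or its fix: it shows one way a privileged helper can refuse such a path. The function names and the /tmp paths are constructed for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open a user-owned file for writing without following
 * a symlink planted at `path`. Returns an fd, or -1 with errno set. */
int open_user_file(const char *path, uid_t owner) {
    /* No O_CREAT/O_TRUNC: nothing is modified before the checks below. */
    int fd = open(path, O_WRONLY | O_NOFOLLOW | O_CLOEXEC | O_NONBLOCK);
    if (fd < 0)
        return -1;                       /* ELOOP on Linux if path is a symlink */
    struct stat st;
    /* Check the opened object itself (fstat on the fd, not stat on the path),
     * so the result cannot be raced by swapping the path afterwards. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != owner || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed scenario: <tmpdir>/.Xauthority is a symlink to <tmpdir>/target.
 * Returns 0 if the symlink is rejected and the regular file is accepted. */
int demo_symlink_rejected(void) {
    char dir[] = "/tmp/xauth-demo-XXXXXX", lnk[64], target[64];
    if (!mkdtemp(dir)) return -2;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/.Xauthority", dir);
    int t = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (t < 0 || symlink(target, lnk) != 0) return -2;
    close(t);
    int via_link = open_user_file(lnk, getuid());    /* expected to fail */
    int saved = errno;
    int direct = open_user_file(target, getuid());   /* expected to succeed */
    if (direct >= 0) close(direct);
    unlink(lnk); unlink(target); rmdir(dir);
    return (via_link == -1 && saved == ELOOP && direct >= 0) ? 0 : 1;
}

int main(void) {
    printf("symlink rejected: %s\n", demo_symlink_rejected() == 0 ? "yes" : "no");
    return 0;
}
```

O_NOFOLLOW only covers the final path component, so a setuid program should also drop to the calling user's IDs before touching files under that user's home directory.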
Comment 1 Michael Palimaka (kensington) gentoo-dev 2017-01-11 10:31:47 UTC
*** Bug 605296 has been marked as a duplicate of this bug. ***
Comment 2 Sebastian Pipping gentoo-dev 2017-01-11 19:51:38 UTC
Bumped non-LTS to

commit 8323924482277778d11fb699aa24303338fabdc8
Author: Sebastian Pipping <sping@g.o>
Date:   Wed Jan 11 20:49:46 2017 +0100

    sys-apps/firejail: (bug #604758)
    Package-Manager: Portage-2.3.3, Repoman-2.3.1

 sys-apps/firejail/Manifest                         |  1 +
 .../files/firejail-        | 10 +++++
 sys-apps/firejail/firejail-         | 46 ++++++++++++++++++++++
 3 files changed, 57 insertions(+)
Comment 3 Amadeusz Żołnowski (RETIRED) gentoo-dev 2017-01-11 21:24:18 UTC
commit 0d4eac03e17aefca1042c661bf8f7e226b46f258
Author: Amadeusz Żołnowski <>
Date:   Wed Jan 11 21:00:35 2017 +0000

    sys-apps/firejail-lts: Bump version

    Gentoo-Bug: 604758

    Package-Manager: Portage-2.3.3, Repoman-2.3.1
Comment 4 Amadeusz Żołnowski (RETIRED) gentoo-dev 2017-01-11 21:25:02 UTC
Sebastian, thanks for bumping 0.9.40.x!
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2017-01-13 13:34:06 UTC
@ Arches,

please test and mark stable:

Comment 6 Agostino Sarubbo gentoo-dev 2017-01-13 17:06:55 UTC
amd64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 7 Thomas Deutschmann (RETIRED) gentoo-dev 2017-01-14 14:16:53 UTC
New GLSA request filed.

@ Maintainer(s): Please cleanup and drop previous vulnerable versions.
Comment 8 Amadeusz Żołnowski (RETIRED) gentoo-dev 2017-01-14 20:59:15 UTC
and are removed.
Comment 9 Aaron Bauman (RETIRED) gentoo-dev 2017-01-24 11:31:52 UTC

Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2017-01-24 11:33:33 UTC
This issue was resolved and addressed in
 GLSA 201701-62 at
by GLSA coordinator Aaron Bauman (b-man).