Flatpak: Complete Sandbox Escape
36 points by eyberg
If I had a cent for each symlink-following-related CVE from this week, I'd have two cents, which isn't a lot, but further enforced my fear of having to deal with symlinks in security-sensitive contexts.
https://github.com/flatpak/flatpak/commit/4a678f463b455c585d38ac4cf4d994e7ce710f8e seems to be the fix.
(also worth noting the non-backported one is https://github.com/flatpak/flatpak/commit/3c111d9e19267dad63bf006647c1d44861a7fec5, since it seems this accidentally didn't get filled in the backport commit message)
I didn't think flatpak sandboxes were supposed to be a super strong security boundary...
I don't like the metaphor at all if you talk about security. The point of sandboxes is that you can play around with them without messing up the lawn outside, but generally they only have a low wall that the children can still step over.