From e076cc0133e55ff215f312cf802e89d293ca6d96 Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Tue, 2 Aug 2022 21:18:01 -0300 Subject: [PATCH] docs: mention risk of SUID binaries and also firejail-users(5) People might assume (and have assumed) that firejail can be executed by any user by default, which makes the SUID issue seem more encompassing than it is. So on the introduction of firejail(1), mention the main risk of SUID binaries and that by default, only the root user is allowed to run firejail (and also how to allow more users). Suggested by @emerajid on #5288. Relates to #4601. --- src/man/firejail.txt | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 087d1c85a8b..6d836fc91bb 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt @@ -68,6 +68,17 @@ Each profile defines a set of permissions for a specific application or group of applications. The software includes security profiles for a number of more common Linux programs, such as Mozilla Firefox, Chromium, VLC, Transmission etc. .PP +Firejail is currently implemented as an SUID binary, which means that if a +malicious or compromised user account manages to exploit a bug in Firejail, +that could ultimately lead to a privilege escalation to root. +To mitigate this, by default only the root user is allowed to run Firejail. +To allow more users, see firejail-users(5). +For more details on the security/usability tradeoffs of Firejail, see the +following discussion: +.UR /~https://github.com/netblue30/firejail/discussions/4601 +#4601 +.UE +.PP Alternative sandbox technologies like snap (https://snapcraft.io/) and flatpak (https://flatpak.org/) are not supported. Snap and flatpak packages have their own native management tools and will not work when sandboxed with Firejail.
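Review bot: the added paragraph in the firejail.txt hunk states "by default only the root user is allowed to run Firejail" without saying what enforces that, so a reader cannot tell whether the restriction is a property of Firejail itself or of a configuration file that a distribution package or a local admin may have changed. Since the very next sentence already points at firejail-users(5), consider naming the mechanism in the same breath, e.g. "To mitigate this, access to Firejail is restricted to root by default through the configuration described in firejail-users(5), which is also where additional users are allowed." That way a reader who wants to know their actual exposure knows which file to inspect instead of trusting the man page's description of the default, and the sentence "To allow more users, see firejail-users(5)." becomes redundant and can be dropped. The threat statement itself ("if a malicious or compromised user account manages to exploit a bug in Firejail, that could ultimately lead to a privilege escalation to root") is accurate for any SUID-root binary and worth keeping as written.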