private-bin breaks --join for filezilla #2633

Merged
merged 1 commit into from
Apr 10, 2019

veloute
Collaborator

@veloute veloute commented Mar 31, 2019

perhaps there's another solution, but this is the only fix i could find for fixing --join.

error i get:

Switching to pid 13327, the first child process inside the sandbox
Warning: cleaning all supplementary groups
Child process initialized in 10.86 ms
execvp: No such file or directory

@SkewedZeppelin
Collaborator

SkewedZeppelin commented Mar 31, 2019

what is your default shell? zsh? fish?
you could just
echo "private-bin zsh" >> ~/.config/firejail/filezilla.local

@veloute
Collaborator Author

veloute commented Mar 31, 2019

you're right, my bad; that didn't even cross my mind.
maybe we should add other common shells to the private-bin line?

@SkewedZeppelin
Collaborator

hmm, I think at one point if sh was there it would add the current default, but I'm not sure.

@veloute
Copy link
Collaborator Author

veloute commented Mar 31, 2019

could something maybe be done with the $SHELL variable?

@rusty-snake
Collaborator

On my system sh is a symlink to bash, but my user default shell is zsh.
This has already caused some issues with FJ.

@netblue30
Owner

netblue30 commented Apr 9, 2019

Here is the deal with private-bin. The ugliest executable you can add on this line is a shell. An attacker after getting control of the program will want to start a shell session on your computer. If there is no shell available, bad luck! For various reasons, a small number of programs are using an external shell, usually /bin/sh. Some of them might even go after $SHELL env variable.

In the case of filezilla, we already know it is using /bin/bash, so the damage is already done. I don't see any reason not to add zsh on that line. @veloute if you just add zsh on private-bin line, is it working?

@veloute
Collaborator Author

veloute commented Apr 9, 2019

yes, joining works after adding zsh to private-bin.

@netblue30 netblue30 merged commit cab679f into netblue30:master Apr 10, 2019
netblue30 pushed a commit that referenced this pull request Apr 10, 2019
@netblue30
Owner

ok, let's go for adding zsh on the private-bin line - I'll check it in in a few minutes

@veloute veloute deleted the filezilla-fix branch April 10, 2019 23:15
@Vincent43
Collaborator

I guess every other profile with private-bin sh,bash should be fixed this way.

@netblue30
Copy link
Owner

Let's wait for people to start complaining about it.

@veloute
Collaborator Author

veloute commented Jul 26, 2019

> Let's wait for people to start complaining about it.

i think i'm ready to complain about it :P
i've run into the problem of joining working about 40% of the time; out of the few i randomly just tested, keepassxc, mpv, hexchat and flameshot won't allow me to join (always with "execvp: No such file or directory" as the error) with zsh as the default shell.
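
Added example, not part of the thread and not the project's own code: a check for the condition discussed above, listing profiles whose private-bin lines omit a given shell, so that --join into those sandboxes would fail with the execvp error. It assumes one profile per `*.profile` file, does not follow `include` lines or expand globs such as `python*`, and the function names and sample profiles are constructed for illustration.

```shell
#!/bin/sh
# Added example: find firejail profiles whose private-bin list omits a shell.
# Assumptions: include directives are not followed; entries are matched literally.

# Print every program named on the private-bin lines of one profile, one per line.
private_bin_entries() {
    sed -n 's/^[[:space:]]*private-bin[[:space:]][[:space:]]*//p' "$1" |
        tr ',' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d'
}

# profiles_missing_shell DIR SHELLNAME
# Print the profiles in DIR that use private-bin but do not list SHELLNAME.
profiles_missing_shell() {
    dir=$1; shell_name=$2
    for profile in "$dir"/*.profile; do
        [ -f "$profile" ] || continue
        entries=$(private_bin_entries "$profile")
        [ -n "$entries" ] || continue      # no private-bin: every binary is visible
        if ! printf '%s\n' "$entries" | grep -qxF -- "$shell_name"; then
            basename "$profile"
        fi
    done
    return 0
}

# Constructed sample profiles (not the project's real files) for an offline run.
make_sample_profiles() {
    d=$(mktemp -d)
    printf '%s\n' '# constructed sample' \
        'private-bin filezilla,uname,sh,bash,python*' > "$d/filezilla.profile"
    printf '%s\n' 'private-bin mpv,sh,bash' 'private-bin zsh' > "$d/mpv.profile"
    printf '%s\n' 'caps.drop all' > "$d/nobin.profile"
    echo "$d"
}

# Dry run on the constructed profiles; only the first one lacks zsh.
# Real use: profiles_missing_shell /etc/firejail "$(basename "$SHELL")"
sample=$(make_sample_profiles)
profiles_missing_shell "$sample" zsh
rm -rf "$sample"
```

Each shell added to a profile this way is also one more shell available inside that sandbox, which is the trade-off netblue30 describes above.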
