Does firejail stop path traversal vuln?

parrot

#1

As stated here:

Even if we were running a vulnerable version of LibreOffice, would firejail prevent this from succeeding or maybe lessen the damage? Not that it is an excuse to not update.


(Matt) #2

Our newest version has this patched, so I can't test it.

But for firejail to prevent this exploit, it would probably depend on where the script you wanted to execute was saved. If LibreOffice can't access the script, then it can't execute it.

If it did execute, firejail would have limited what it could do (that's generally the point in firejail). I can't say exactly, as I didn't write the profile, nor can I test it. But it's unlikely that a malicious user is going to write bespoke scripts to circumvent your firejail profiles.


#3

Thank you. I guess I’m asking because I primarily use Parrot as a LiveUSB. I prefer Parrot due to the multiple tools preinstalled, along with firejail, and the fact that you guys release a new ISO more frequently than, say, Kali.

A bit off-topic, but any idea on when 4.6 will be released? Do you release every two months or three?


(Matt) #4

Releases are more or less every 2 months.
This is a list of previous release dates to give you an idea. But it won't be rushed out, it will be released whenever it's ready, so don’t count down the days.

• 2019-01-22: Parrot 4.5
• 2018-11-04: Parrot 4.3
• 2018-09-11: Parrot 4.2.2
• 2018-01-28: Parrot Security OS 3.11
• 2017-11-08: Parrot Security OS 3.9
• 2017-09-13: Parrot Security OS 3.8
• 2017-07-11: Parrot Security OS 3.7
• 2017-05-19: Parrot Security OS 3.6
• 2017-03-08: Parrot Security OS 3.5
• 2016-12-25: Parrot Security OS 3.3
• 2016-10-16: Parrot Security OS 3.2
• 2016-07-31: Parrot Security OS 3.1

If you have any suggestions for next release, you can bring them up here: Parrot 4.6 Development Discussions


#5

Thanks again!


(Lorenzo "Palinuro" Faletra) #6

Firejail does of course mitigate any kind of system breach by limiting the exposed surface and preventing access to many system branches that are not needed by the application, from storage access to available syscalls up to network functionalities.

What we can’t say is if firejail is going to prevent all the attacks of one kind or not, and every exploit has to be individually tested before stating if our sandbox is going to protect you or not.
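
An added example, not part of the thread and not Parrot's or firejail's own code: a small Python check that sorts a firejail profile's directives into the three areas post #6 names (storage access, syscalls, network) and reports which areas the profile leaves unrestricted. The directive names are firejail profile keywords; both sample profiles are constructed for illustration, and `include` files are listed but not resolved.

```python
# Classify firejail profile directives by restriction area.
# Sample profiles are constructed; they are not Parrot's shipped profiles.

AREAS = {
    "storage": {"blacklist", "whitelist", "read-only", "private",
                "private-tmp", "private-dev", "private-bin",
                "private-etc", "tmpfs", "noexec"},
    "syscalls": {"seccomp", "seccomp.drop", "seccomp.keep"},
    "network": {"net", "netfilter", "protocol"},
}

def audit(profile_text):
    """Return matched directives per area, unresolved includes, and empty areas."""
    found = {area: [] for area in AREAS}
    includes = []
    for raw in profile_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comment lines
        key, _, arg = line.partition(" ")
        if key == "include":
            # Included files may add restrictions; they must be audited too.
            includes.append(arg.strip())
            continue
        for area, keywords in AREAS.items():
            if key in keywords:
                found[area].append(line)
    missing = sorted(area for area, hits in found.items() if not hits)
    return {"found": found, "includes": includes, "missing": missing}

# Constructed sample: only a syscall filter, files and network untouched.
WEAK_PROFILE = """
# constructed example
seccomp
"""

# Constructed sample: restricts all three areas.
TIGHT_PROFILE = """
# constructed example
include disable-common.inc
whitelist ${HOME}/Documents
private-tmp
seccomp
net none
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_PROFILE), ("tight", TIGHT_PROFILE)):
        result = audit(text)
        print(name, "missing:", result["missing"], "includes:", result["includes"])
```

A profile that covers all three areas still has to be tested against the specific exploit, as post #6 says.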