bwrap.xml: Mention CVE-2017-5226 with --new-session

Signed-off-by: Sebastian Pipping <sebastian@pipping.org>
author: Sebastian Pipping <sebastian@pipping.org> 2023-03-05 00:38:51 +0100
committer: Alexander Larsson <alexander.larsson@gmail.com> 2023-04-03 16:01:03 +0200
commit: 35e6b2a6982fd167793a267bbb855190a4c6eed2 (patch)
tree: 5c1b8b026085479c253ef5e9018150227587917e
parent: 9b246d4297c7f5d62f9a1ab103abbf78c5486475 (diff)
download: bubblewrap-35e6b2a6982fd167793a267bbb855190a4c6eed2.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/bwrap.xml b/bwrap.xml
index adc4641..81331de 100644
--- a/bwrap.xml
+++ b/bwrap.xml
@@ -464,7 +464,9 @@
         </para><para>
         Note: In a general sandbox, if you don't use --new-session, it is
         recommended to use seccomp to disallow the TIOCSTI ioctl, otherwise
-        the application can feed keyboard input to the terminal.
+        the application can feed keyboard input to the terminal
+        which can e.g. lead to out-of-sandbox command execution
+        (see CVE-2017-5226).
       </para></listitem>
     </varlistentry>
     <varlistentry>
author	Sebastian Pipping <sebastian@pipping.org>	2023-03-05 00:38:51 +0100
committer	Alexander Larsson <alexander.larsson@gmail.com>	2023-04-03 16:01:03 +0200
commit	35e6b2a6982fd167793a267bbb855190a4c6eed2 (patch)
tree	5c1b8b026085479c253ef5e9018150227587917e
parent	9b246d4297c7f5d62f9a1ab103abbf78c5486475 (diff)
download	bubblewrap-35e6b2a6982fd167793a267bbb855190a4c6eed2.tar.gz