diff options
author | Sebastian Pipping <sebastian@pipping.org> | 2023-03-05 00:38:51 +0100 |
---|---|---|
committer | Alexander Larsson <alexander.larsson@gmail.com> | 2023-04-03 16:01:03 +0200 |
commit | 35e6b2a6982fd167793a267bbb855190a4c6eed2 (patch) | |
tree | 5c1b8b026085479c253ef5e9018150227587917e | |
parent | 9b246d4297c7f5d62f9a1ab103abbf78c5486475 (diff) | |
download | bubblewrap-35e6b2a6982fd167793a267bbb855190a4c6eed2.tar.gz |
bwrap.xml: Mention CVE-2017-5226 with --new-session
Signed-off-by: Sebastian Pipping <sebastian@pipping.org>
-rw-r--r-- | bwrap.xml | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -464,7 +464,9 @@ </para><para> Note: In a general sandbox, if you don't use --new-session, it is recommended to use seccomp to disallow the TIOCSTI ioctl, otherwise - the application can feed keyboard input to the terminal. + the application can feed keyboard input to the terminal + which can e.g. lead to out-of-sandbox command execution + (see CVE-2017-5226). </para></listitem> </varlistentry> <varlistentry> |