Package: firejail
Version: 0.9.66-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/netblue30/firejail/issues/4565
X-Debbugs-Cc: Debian Security Team <[email protected]>

The intent of upstream commit ee7b466576a06ec8ccb82e7ad8277d7f7fe4549b
is to block input devices in the default profile. For instance, with
this commit, the webcam (via `/dev/video*`) is no longer available.
But the microphone is still available. This is not consistent and may
give a false sense of security (with obvious privacy issues).

Tested with the Zoom client (audio works, video doesn't), with
audacity (audio works, while it shouldn't), and cheese (video
doesn't work, as expected).

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 'stable-security'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=POSIX, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages firejail depends on:
ii  libapparmor1  3.0.3-2
ii  libc6         2.32-4
ii  libselinux1   3.1-3

Versions of packages firejail recommends:
ii  firejail-profiles  0.9.66-2
ii  iproute2           5.14.0-1
ii  iptables           1.8.7-1
ii  xauth              1:1.1-1
ii  xdg-dbus-proxy     0.1.2-2
ii  xpra               3.1-1
ii  xvfb               2:1.20.11-1

firejail suggests no packages.

-- no debconf information

-- 
Vincent Lefèvre <[email protected]> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
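
A check that can be run inside the sandbox to observe the inconsistency described in the report, as an added example (not part of the original report and not firejail code). The ALSA capture-node pattern and the PulseAudio/PipeWire socket paths are assumptions about how the microphone is reached; the report does not say which path the tested programs used.

```shell
#!/bin/sh
# Added example, not from the bug report or from firejail.
# Reports which capture paths are visible from the current environment.
# Assumptions: ALSA capture nodes are /dev/snd/pcmC*D*c, and the sound
# server sockets are $XDG_RUNTIME_DIR/pulse/native and .../pipewire-0.

# Print "yes" if at least one argument names an existing path, else "no".
# An unmatched glob is passed through literally and fails the -e test.
any_exists() {
    for p in "$@"; do
        if [ -e "$p" ]; then echo yes; return 0; fi
    done
    echo no
}

# capture_exposure [dev_root] [runtime_dir]
# Both arguments are overridable so the check can run on a constructed tree.
capture_exposure() {
    dev=${1:-/dev}
    run=${2:-${XDG_RUNTIME_DIR:-/run/user/$(id -u)}}
    video=$(any_exists "$dev"/video*)
    alsa=$(any_exists "$dev"/snd/pcmC*D*c)
    server=$(any_exists "$run/pulse/native" "$run/pipewire-0")

    if [ "$video" = yes ]; then
        verdict=exposed
    elif [ "$alsa" = yes ] || [ "$server" = yes ]; then
        # The state the report describes: webcam gone, microphone path left.
        verdict=inconsistent
    else
        verdict=blocked
    fi
    echo "video=$video alsa_capture=$alsa sound_server=$server verdict=$verdict"
}

# With no arguments this inspects the real /dev and runtime directory.
capture_exposure "$@"
```

Run it as the sandboxed program (for example `firejail sh ./check.sh`, where `check.sh` is a hypothetical file name) and compare the line it prints with the one printed outside the sandbox.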
