On Fri, 08 Oct 2021 at 12:50:18 +0100, Simon McVittie wrote:
> Flatpak 1.12.0 and 1.10.4 fix a security vulnerability in the portal
> support. Some recently added syscalls were not blocked by the seccomp
> rules which allowed the application to create sub-sandboxes which can
> confuse the sandboxing verification mechanisms of the portal. This has
> been addressed by extending the seccomp rules.

Unfortunately, this has caused regressions, which are fixed in 1.12.1 and 1.10.5, at the cost of weakening the protection against the vulnerability (it will now "fail open" for syscalls that libseccomp does not know about).

I'm continuing to look into this upstream, but a full solution is likely to require a new version of bubblewrap, because bubblewrap can currently only add one seccomp filter, but I don't think we can achieve the desired semantics without adding a second seccomp filter. If you can help, please contact https://github.com/flatpak/flatpak/pull/4462 or flatpak-secur...@lists.freedesktop.org.

I don't think the upstream solution is sufficiently settled yet to be issuing stable updates for this.

    smcv