On Tue, Jul 1, 2025 at 2:29 PM <[email protected]> wrote: > > on debian 11 i just install firetools and firejail > docs say both are setuid > firejail works, firetools doesn't > firejail is setuid, firetools isn't > if i sudo chmod u+s /usr/bin/firetools i get > > FATAL: The application binary appears to be running setuid, this is a > security hole. > Aborted > > is this a problem wth the firetools package
I suspect (but don't know) that firetools is a shell script, while firejail is a compiled application. Generally speaking, it is Ok to setuid on a compiled application (lots of handwaiving). However, setuid on a script is considered a security flaw. Jeff
