On 7/7/26 9:23 AM, Aaron Rainbolt wrote:
This does not work. Someone did*exactly* this and I was able to leverage it to escape sandboxes (vuln report is under embargo at the moment). When you use a binfmt-misc handler, then when the sandboxed executable tries to run the program, the kernel runs it*in* the sandbox. When you use a MIME handler that gates access on the executable bit, where the handler executes outside of the sandbox, then when the sandboxed executable calls the MIME handler on a marked-executable file, the file runs outside of (and thus escapes) the sandbox.
Fedora double-dips. We register both as a binfmt-misc handler (only when you have wine-systemd installed) and via the upstream .desktop files.
I'm watching this thread but I don't have any suggestions at this time. My first impression is why does Flatpak change namespace/scope when performing MIME operations, but I don't know enough about the architecture to know why.
-- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
