-
Notifications
You must be signed in to change notification settings - Fork 569
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Question on private-bin & Hyperlinking #3308
Comments
If you set for example Why is that good? It restricts the available program, for example if an attacker can know a vulnerability in quiterss which allows him to execute various shell command but there is no bash, no ls, no curl he can't exploit it.
also look at the manpage If it works with |
I see, thanks for the clarification @rusty-snake I did try with Could you try reproduce? |
start quiterss with this and open a link |
firefox.sh will need a shell |
This opens links now but i dont see any output in terminal or in a generated log file.
I used: |
no output? ok, then try |
And i tried in a different terminal with opening a link: |
So now i got this: |
ok then run alternative go trough firefox.sh and select every program. |
Thanks @rusty-snake It came down to it needing only the following to make hyperlinks work again: All the other executables that were not included, does that mean the firefox.sh wouldnt run entirely correctly if i leave them out and only use |
thats are all shell builtins, I downloaded the firefox.deb for ubuntu and came to this: |
Well i never start firefox by opening a link from quiterss. So only when firefox is already open will i open a link and it seems to open the tab fine so far. |
fedora and arch are also using shell script to start firefox.
you mean like this https://github.com/netblue30/firejail/wiki/Sandboxing-Binary-Software#mozilla-firefox-opt-install
for quiterss yes, because there is no shell |
I'm closing here due to inactivity, please fell free to reopen if you have more questions. |
The suggested solutions didn't work for me on Debian 11. For anybody landing here, this is what I put in my
|
The prettier way:
|
Im experimenting with QuiteRSS and if i use the default profile as is, i am unable to open links in Firefox.
If i
A: comment out
private-bin quiterss
from quiterss.profileor
B: run quiterss with
--ignore=private-bin
Then I am able to open the links in Firefox.
What is the significance ignoring private-bin and hyperlinks working after that?
What does private-bin actually do?
Why is this happening?
I know you will tell me that to be safe, its better to copy and paste the link, but some apps such as QuiteRSS convenience is needed when clicking on 100 links per day. If i run any app with
--ignore=private-bin
, what security implications are there?Why did hyperlinking in firejail break after Firefox 67.0 version as per this #2720
Any apps i run with firejail, hyperlinking is broken.
Im sorry i dont know much about private-bin and where the file is because i cannot find it. Is it generated on container creation? There is not much information on this in the wiki.
firejail version: 0.9.62
Xubuntu 18.04
PS: Firefox is NOT firejailed when doing this. New Firefox installation & profile.
The text was updated successfully, but these errors were encountered: