Have you run your Linux distribution updates recently? You probably should, because Dirty Frag and Copy Fail are coming for you. Two major Local Privilege Escalation (LPE) security issues have been revealed in a short time, which is not ideal.
For Copy Fail that was revealed at the end of April, the website describes it simply enough for you:
"An unprivileged local user can write 4 controlled bytes into the page cache of any readable file on a Linux system, and use that to gain root"
That's pretty bad. There's thankfully some patches rolling out across different distributions for it.
And now we also have Dirty Frag, which has been fully revealed early due to an embargo being broken and so Linux distribution developers will need to scramble to get patches ready for it. The impact is very similar to Copy Fail, enabling an attacker to gain root access to your system to do whatever they feel like.
However, a quick workaround (taken from the Dirty Frag disclosure) can be done as noted to protect yourself via terminal:
sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; echo 3 > /proc/sys/vm/drop_caches; true"
This is a special case, because no current patches exist. It should be fine to run on any distribution.
Keep a close eye on updates coming in over the next week, you're going to need them.
Article taken from GamingOnLinux.com.
See more from me
You can also find comments for this article on social media: Quoting: Caldathrasthnx, than firefox isn't sandboxed on linux.Quoting: LoudTechieBy default, Firefox automatically places all downloads in the Download folder but I can go into settings and choose a toggle that lets me choose whatever folder I want to download to, on the fly - Documents, Music, Videos, other drives or any combination of subfolder.Quoting: CaldathrasYeah it should default to your download folder, but can you look beyond it. Can you work in your document folder.Quoting: LoudTechieTor-browser and if I remember correctly firefox have their own download folder sandboxing.Regarding Firefox, not to my knowledge. On my systems, Firefox defaults to my Download folder. No sandboxing that I'm aware of -- unless this is a feature I have to enable.
Tor-browser maintains its own seperate folder, but I thought firefox limited itself to only the download folder.
Based on what you said I would assume the answer is no, but I still wanted to clarify what I meant.
Now, on Android however, I am definitely sandboxed to the system's Download folder. It cannot even maintain a virtual Download folder on the SD card (unlike Vivaldi and Chrome).
Patreon
PayPal
How to setup OpenMW for modern Morrowind on Linux / SteamOS and Steam Deck
How to install Hollow Knight: Silksong mods on Linux, SteamOS and Steam Deck