Firejail local root exploit
http://www.openwall.com/lists/oss-security/2017/01/04/1 [www.openwall.com]
2017-01-07 20:58
Turns out that it can be _very difficult_ to create a generic sandbox suid wrapper thats secure but still flexible enough to sandbox arbitrary binaries.
Full thread: http://marc.info/?t=148353575400001&r=1&w=2
source: solar