security-misc/etc/permission-hardening.d/25_default_whitelist_mount.conf

18 lines
711 B
Plaintext
Raw Normal View History

2021-03-17 09:45:21 -04:00
## Copyright (C) 2012 - 2021 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
## See the file COPYING for copying conditions.
## Please use "/etc/permission-hardening.d/20_user.conf" or
## "/usr/local/etc/permission-hardening.d/20_user.conf" for your custom
## configuration. When security-misc is updated, this file may be overwritten.
## https://forums.whonix.org/t/disable-suid-binaries/7706/61
## Protect from 'chmod -x' (and SUID removal).
## SUID will be removed below in separate step.
/bin/mount exactwhitelist
/usr/bin/mount exactwhitelist
## Remove SUID from 'mount' but keep executable.
## https://forums.whonix.org/t/disable-suid-binaries/7706/61
/bin/mount 745 root root
/usr/bin/mount 745 root root