2021-03-17 09:45:21 -04:00
|
|
|
## Copyright (C) 2012 - 2021 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
|
2020-12-01 04:28:15 -05:00
|
|
|
## See the file COPYING for copying conditions.
|
|
|
|
|
|
|
|
## Please use "/etc/permission-hardening.d/20_user.conf" or
|
|
|
|
## "/usr/local/etc/permission-hardening.d/20_user.conf" for your custom
|
|
|
|
## configuration. When security-misc is updated, this file may be overwritten.
|
|
|
|
|
|
|
|
## https://forums.whonix.org/t/disable-suid-binaries/7706/61
|
|
|
|
## Protect from 'chmod -x' (and SUID removal).
|
|
|
|
## SUID will be removed below in separate step.
|
|
|
|
/bin/mount exactwhitelist
|
|
|
|
/usr/bin/mount exactwhitelist
|
|
|
|
|
|
|
|
## Remove SUID from 'mount' but keep executable.
|
|
|
|
## https://forums.whonix.org/t/disable-suid-binaries/7706/61
|
|
|
|
/bin/mount 745 root root
|
|
|
|
/usr/bin/mount 745 root root
|