security-misc/etc/permission-hardening.d/25_default_whitelist_qubes.conf

19 lines
727 B
Plaintext
Raw Normal View History

2023-03-30 02:08:47 -04:00
## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
## See the file COPYING for copying conditions.
## Please use "/etc/permission-hardening.d/20_user.conf" or
## "/usr/local/etc/permission-hardening.d/20_user.conf" for your custom
## configuration. When security-misc is updated, this file may be overwritten.
## TODO: research
## https://github.com/QubesOS/qubes-core-agent-linux/blob/master/qubes-rpc/qfile-unpacker.c
2023-11-06 16:40:22 -05:00
##
## Qubes upstream security issue:
## qfile-unpacker allows unprivileged users in VMs to gain root privileges
## https://github.com/QubesOS/qubes-issues/issues/8633
2023-11-06 16:40:22 -05:00
##
## match both:
#/usr/lib/qubes/qfile-unpacker whitelist
#/lib/qubes/qfile-unpacker
qfile-unpacker matchwhitelist