Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-12-25 21:49:24 -05:00
Code Issues Packages Projects Releases Wiki Activity

comment

Browse Source
This commit is contained in:
Patrick Schleizer 2019-12-23 02:38:53 -05:00
parent f8f2e6c704
commit 2152fa2d61
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
etc/permission-hardening.d/30_default.conf
View File

@ -13,18 +13,24 @@
## To remove all SUID/SGID binaries in a directory, you can use the "nosuid"
## argument.
## TODO: white spaces inside file name untested and probably will not work.
######################################################################
# SUID disablewhitelist
######################################################################
## disablewhitelist disables below (or in lexically higher) files
## exactwhitelist and matchwhitelist. Add these here (discouraged) or better
## in file "/etc/permission-hardening.d/20_user.conf".
## For example, if you are not using SELinux the following might make sense to
## enable. TODO: research
#/utempter/utempter disablewhitelist
######################################################################
# SUID exact match whitelist
######################################################################
## TODO: white spaces inside file name untested
/usr/bin/sudo exactwhitelist
/bin/sudo exactwhitelist
/usr/bin/bwrap exactwhitelist
@ -50,8 +56,6 @@
# SUID regex match whitelist - research required
######################################################################
## TODO: white spaces inside file name untested
/usr/lib/virtualbox/ matchwhitelist
## https://github.com/QubesOS/qubes-core-agent-linux/blob/master/qubes-rpc/qfile-unpacker.c