From 24ea70384bb6c34f283ff1e71e4f7ed34133db5f Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Fri, 20 Dec 2019 06:53:03 -0500 Subject: [PATCH] description --- debian/control | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/debian/control b/debian/control index e563759..3782c88 100644 --- a/debian/control +++ b/debian/control @@ -217,6 +217,15 @@ Description: enhances misc security settings debian/security-misc.postinst /usr/lib/security-misc/permission-lockdown /usr/share/pam-configs/mkhomedir-security-misc + . + * SUID / GUID removal and permission hardening. + A systemd service removed SUID / GUID from non-essential binaries as these are + often used in privilege escalation attacks. + It is disabled by default for now during testing and can optionally be enabled + by running `systemctl enable permission-hardening.service` as root. + /usr/lib/security-misc/permission-hardening + /lib/systemd/system/permission-hardening.service + /etc/permission-hardening.d/30_default.conf . access rights relaxations: .
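Review bot: In the added description lines, "GUID" should read "SGID" (set-group-ID), both in the bullet "SUID / GUID removal and permission hardening." and in the sentence that follows it. GUID normally denotes a globally unique identifier, so the text misnames the permission bit being stripped. In the same sentence, "A systemd service removed" should be "removes" to match the tense of the rest of the description. Because the text says the service is disabled by default, it would help to state whether `systemctl enable permission-hardening.service` applies the hardening immediately or only once the service next starts, and to add a short note on what /etc/permission-hardening.d/30_default.conf controls, so an administrator can review it before enabling the service.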