Patrick Schleizer 2019-12-20 07:06:50 -05:00
parent 8e112c3423
commit 65248a94ef
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48

@ -200,6 +200,16 @@ debian/security-misc.postinst
/usr/lib/security-misc/permission-lockdown
/usr/share/pam-configs/mkhomedir-security-misc
* SUID / GUID removal and permission hardening.
A systemd service removed SUID / GUID from non-essential binaries as these are
often used in privilege escalation attacks.
It is disabled by default for now during testing and can optionally be enabled
by running `systemctl enable permission-hardening.service` as root.
https://forums.whonix.org/t/permission-hardening/8655
/usr/lib/security-misc/permission-hardening
/lib/systemd/system/permission-hardening.service
/etc/permission-hardening.d/30_default.conf
access rights relaxations:
Redirect calls for pkexec to lxqt-sudo because pkexec is incompatible with
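Review bot: In the added bullet "SUID / GUID removal and permission hardening" and the sentence below it, "GUID" should be "SGID" (the set-group-ID bit); GUID normally reads as "globally unique identifier" and will not match what people search for when auditing setgid binaries. The same sentence says the service "removed" the bits; present tense ("removes") fits the rest of the list. Because the service is disabled by default and enabled manually with `systemctl enable permission-hardening.service`, the text should also say what role /etc/permission-hardening.d/30_default.conf plays for anyone adjusting which binaries are affected, and whether disabling the service restores the original file modes, so that a tester who enables it knows how to revert.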