Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-08-03 02:06:08 -04:00
Code Issues Projects Releases Packages Wiki Activity

comment

Browse source
This commit is contained in:
Patrick Schleizer 2025-01-14 03:56:55 -05:00
parent 0ac85ea9f5
commit 9f1759ba0e
No known key found for this signature in database
GPG key ID: CB8D50BB77BB3C48
1 changed files with 13 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

13
usr/lib/permission-hardener.d/25_default_whitelist_pam.conf
View file

@ -5,5 +5,18 @@
## "/usr/local/etc/permission-hardener.d/20_user.conf" for your custom ## "/usr/local/etc/permission-hardener.d/20_user.conf" for your custom
## configuration. When security-misc is updated, this file may be overwritten. ## configuration. When security-misc is updated, this file may be overwritten.
## Used by the pam_tmpdir module to create a secure temporary directory for the
## user that is logging in.
## https://manpages.ubuntu.com/manpages/oracular/man8/pam-tmpdir-helper.8.html
## Apparently specific to Debian, there isn't actually any Git repo with this
## code in it, it's just a "floating" package in the Debian archive. Written by
## the same person who maintains the package. Almost certainly cannot be
## disabled without causing serious problems, but may be worth auditing.
## (Worthy of note, it doesn't seem this program takes any user input, but
## relies solely on the calling user's UID and GID, though this could require
## further review.)
##
## Without this, Xfce fails to start with a dbus-launch error. ## Without this, Xfce fails to start with a dbus-launch error.
##
## TODO: audit pam-tmpdir-helper
pam-tmpdir-helper matchwhitelist pam-tmpdir-helper matchwhitelist