Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-05-08 20:25:06 -04:00
Code Issues Projects Releases Packages Wiki Activity

Merge remote-tracking branch 'ArrayBolt3/arraybolt3/permission-hardener-refactor'

Browse source
This commit is contained in:
Patrick Schleizer 2025-01-06 08:43:54 -05:00
commit c4cfb8597d
No known key found for this signature in database
GPG key ID: CB8D50BB77BB3C48
3 changed files with 613 additions and 525 deletions
Download patch file Download diff file Expand all files Collapse all files

1130
usr/bin/permission-hardener
View file

File diff suppressed because it is too large Load diff

5
usr/lib/permission-hardener.d/25_default_passwd.conf → usr/lib/permission-hardener.d/25_default_whitelist_passwd.conf
View file

@ -7,8 +7,11 @@
# Keep the `passwd` utility executable to prevent issues with the
# /usr/libexec/security-misc/pam-abort-on-locked-password script blocking
# user logins with `su` and KScreenLocker
# user logins with `su` and KScreenLocker. exactwhitelist is needed to keep
# the nosuid rule on /usr/bin from fighting with these rules.
#
# See also: https://www.kicksecure.com/wiki/SUID_Disabler_and_Permission_Hardener#passwd
/usr/bin/passwd exactwhitelist
/bin/passwd exactwhitelist
/usr/bin/passwd 0755 root root
/bin/passwd 0755 root root