Polish permission-hardener refactor

Aaron Rainbolt 2024-12-25 19:48:28 -06:00
parent 83d3867959
commit dbcb612517
No known key found for this signature in database
GPG key ID: A709160D73C79109
3 changed files with 184 additions and 869 deletions

@ -7,7 +7,8 @@
# Keep the `passwd` utility executable to prevent issues with the
# /usr/libexec/security-misc/pam-abort-on-locked-password script blocking
# user logins with `su` and KScreenLocker
# user logins with `su` and KScreenLocker. exactwhitelist is needed to keep
# the nosuid rule on /usr/bin from fighting with these rules.
#
# See also: https://www.kicksecure.com/wiki/SUID_Disabler_and_Permission_Hardener#passwd
/usr/bin/passwd exactwhitelist
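
Review bot: The new sentence "exactwhitelist is needed to keep the nosuid rule on /usr/bin from fighting with these rules" sits under a first line that still frames the goal as keeping `passwd` "executable", so it is unclear whether this entry protects the execute bits or the SUID bit that a nosuid rule targets. Suggest saying explicitly which permission must survive, and naming the config file that carries the /usr/bin nosuid rule so the interaction can be re-checked when either file changes. It would also help to say in one clause how `exactwhitelist` differs from the other whitelist types, since the comment relies on that difference without stating it.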