Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-03-13 09:16:35 -04:00
Code Issues Packages Projects Releases Wiki Activity

comment

Browse Source
This commit is contained in:
Patrick Schleizer 2025-01-14 04:13:39 -05:00
parent 6d282226ef
commit eec2e2c8ee
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
usr/lib/permission-hardener.d/25_default_whitelist_qubes.conf
View File

@ -12,10 +12,13 @@
## qfile-unpacker allows unprivileged users in VMs to gain root privileges ## qfile-unpacker allows unprivileged users in VMs to gain root privileges
## https://github.com/QubesOS/qubes-issues/issues/8633 ## https://github.com/QubesOS/qubes-issues/issues/8633
## ##
## match both: ## matches both:
## - /usr/lib/qubes/qfile-unpacker whitelist ## - /usr/lib/qubes/qfile-unpacker whitelist
## - Not bit-for-bit identical to /usr/lib/qubes/qfile-unpacker. ## - Not bit-for-bit identical to /usr/lib/qubes/qfile-unpacker.
## - Stripping SUID from this does *not* break file copying. ## - Stripping SUID from this does *not* break file copying.
## - TODO: further reserach required on its purpose ## - TODO: further reserach required on its purpose
## - /usr/bin/qfile-unpacker ## - /usr/bin/qfile-unpacker
## - Appears to be an integral part of file transfer between qubes, stripping
## SUID from this in an AppVM results in that AppVM being unable to receive
## files any longer. (It can still send files to other qubes though.)
qfile-unpacker matchwhitelist qfile-unpacker matchwhitelist