Commit Graph

847 Commits

Author SHA1 Message Date
Patrick Schleizer
3ea587187e
no need to exclude xorg nosuid on Debian
http://forums.whonix.org/t/permission-hardening/8655/25
2019-12-21 06:53:07 -05:00
Patrick Schleizer
c336bc4fd2
comment 2019-12-21 06:39:13 -05:00
Patrick Schleizer
fac17a963d
bumped changelog version 2019-12-21 06:28:19 -05:00
Patrick Schleizer
b5f88efe20
fix 2019-12-21 06:27:01 -05:00
Patrick Schleizer
2088628c8d
debugging 2019-12-21 06:24:08 -05:00
Patrick Schleizer
2dca031527
debugging 2019-12-21 06:22:46 -05:00
Patrick Schleizer
195e00cc87
output 2019-12-21 06:16:38 -05:00
Patrick Schleizer
78d33d8b57
bumped changelog version 2019-12-21 06:12:20 -05:00
Patrick Schleizer
4b21b6df41
fix 2019-12-21 06:11:44 -05:00
Patrick Schleizer
ff48b672a8
bumped changelog version 2019-12-21 06:00:17 -05:00
Patrick Schleizer
8436da2b7b
output 2019-12-21 05:58:50 -05:00
Patrick Schleizer
da15265e1c
fix 2019-12-21 05:55:23 -05:00
Patrick Schleizer
2a248fe0de
fix 2019-12-21 05:54:39 -05:00
Patrick Schleizer
4f12664362
output 2019-12-21 05:54:07 -05:00
Patrick Schleizer
e3355843c8
fix 2019-12-21 05:51:22 -05:00
Patrick Schleizer
234ec5fe93
fix 2019-12-21 05:47:35 -05:00
Patrick Schleizer
65b5adb2d7
bumped changelog version 2019-12-21 05:38:39 -05:00
Patrick Schleizer
7ff900c204
fix 2019-12-21 05:37:43 -05:00
Patrick Schleizer
2b5a49a61b
bumped changelog version 2019-12-21 05:31:55 -05:00
Patrick Schleizer
e1a5ee4bcf
output 2019-12-21 05:26:55 -05:00
Patrick Schleizer
66aaf3e22c
output 2019-12-21 05:25:54 -05:00
Patrick Schleizer
7aa7d0b5a0
improve error handling 2019-12-21 05:22:27 -05:00
Patrick Schleizer
8919d38de9
disable debugging 2019-12-21 05:21:46 -05:00
Patrick Schleizer
cf5dee64fd
refactoring 2019-12-21 05:18:34 -05:00
Patrick Schleizer
29cd9a0c38
fix 2019-12-21 05:17:35 -05:00
Patrick Schleizer
486027a4d7
fix 2019-12-21 05:15:38 -05:00
Patrick Schleizer
1fd26be864
fix 2019-12-21 05:14:51 -05:00
Patrick Schleizer
0fc97c37be
fix 2019-12-21 05:14:39 -05:00
Patrick Schleizer
1018d5b3b0
output 2019-12-21 05:11:51 -05:00
Patrick Schleizer
4388fc4d5a
refactoring 2019-12-21 05:11:19 -05:00
Patrick Schleizer
ed20980f4c
refactoring 2019-12-21 05:07:10 -05:00
Patrick Schleizer
315ce86b9a
refactoring 2019-12-21 04:33:03 -05:00
Patrick Schleizer
0c5848494b
do not remount if already has intended mount options 2019-12-21 04:21:26 -05:00
Patrick Schleizer
203f4ad46e
refactoring 2019-12-21 04:17:10 -05:00
Patrick Schleizer
e7fd0dadb0
output 2019-12-21 04:09:35 -05:00
Patrick Schleizer
e6ea21c775
record existing modes in separate dpkg-statoverwrite databases
to have a history of what was modified and to allow to undo changes
2019-12-21 04:08:35 -05:00
Patrick Schleizer
89be5f2ecb
bumped changelog version 2019-12-21 02:05:39 -05:00
Patrick Schleizer
d220bb3bc4
suid /usr/lib/chromium/chrome-sandbox whitelist 2019-12-20 13:07:01 -05:00
Patrick Schleizer
77b3dd5d6b
comments 2019-12-20 13:02:33 -05:00
Patrick Schleizer
d7bd477e73
add "/usr/lib/xorg/Xorg.wrap whitelist"
until this is researched

https://manpages.debian.org/buster/xserver-xorg-legacy/Xorg.wrap.1.en.html
https://lwn.net/Articles/590315/
2019-12-20 12:59:27 -05:00
Patrick Schleizer
17e8605119
add matchwhitelist feature
add "/usr/lib/virtualbox/ matchwhitelist"
2019-12-20 12:57:24 -05:00
Patrick Schleizer
3fab387669
suid /usr/bin/firejail whitelist
There is a controversy about firejail but those who choose to install it
should be able to use it.
https://www.whonix.org/wiki/Dev/Firejail#Security
2019-12-20 12:50:35 -05:00
Patrick Schleizer
d3f16a5bf4
sgid /usr/lib/qubes/qfile-unpacker whitelist 2019-12-20 12:47:10 -05:00
Patrick Schleizer
508ec0c6fa
comment 2019-12-20 12:34:07 -05:00
Patrick Schleizer
1b569ea790
comment 2019-12-20 12:32:36 -05:00
Patrick Schleizer
f88ca25889
fix terminology, sguid -> sgid
Thanks to @madaidan for the bug report!

https://forums.whonix.org/t/permission-hardening/8655/21
2019-12-20 11:58:07 -05:00
Patrick Schleizer
1cd5fb6a00
bumped changelog version 2019-12-20 11:50:25 -05:00
Patrick Schleizer
ff0a26fb5d
comment 2019-12-20 11:49:19 -05:00
Patrick Schleizer
71496a33ab
skip folders are these are not suid / guid 2019-12-20 11:47:53 -05:00
Patrick Schleizer
9321ecff41
no more need to add/remove / 2019-12-20 11:43:53 -05:00