Patrick Schleizer
|
3ea587187e
|
no need to exclude xorg nosuid on Debian
http://forums.whonix.org/t/permission-hardening/8655/25
|
2019-12-21 06:53:07 -05:00 |
|
Patrick Schleizer
|
c336bc4fd2
|
comment
|
2019-12-21 06:39:13 -05:00 |
|
Patrick Schleizer
|
fac17a963d
|
bumped changelog version
|
2019-12-21 06:28:19 -05:00 |
|
Patrick Schleizer
|
b5f88efe20
|
fix
|
2019-12-21 06:27:01 -05:00 |
|
Patrick Schleizer
|
2088628c8d
|
debugging
|
2019-12-21 06:24:08 -05:00 |
|
Patrick Schleizer
|
2dca031527
|
debugging
|
2019-12-21 06:22:46 -05:00 |
|
Patrick Schleizer
|
195e00cc87
|
output
|
2019-12-21 06:16:38 -05:00 |
|
Patrick Schleizer
|
78d33d8b57
|
bumped changelog version
|
2019-12-21 06:12:20 -05:00 |
|
Patrick Schleizer
|
4b21b6df41
|
fix
|
2019-12-21 06:11:44 -05:00 |
|
Patrick Schleizer
|
ff48b672a8
|
bumped changelog version
|
2019-12-21 06:00:17 -05:00 |
|
Patrick Schleizer
|
8436da2b7b
|
output
|
2019-12-21 05:58:50 -05:00 |
|
Patrick Schleizer
|
da15265e1c
|
fix
|
2019-12-21 05:55:23 -05:00 |
|
Patrick Schleizer
|
2a248fe0de
|
fix
|
2019-12-21 05:54:39 -05:00 |
|
Patrick Schleizer
|
4f12664362
|
output
|
2019-12-21 05:54:07 -05:00 |
|
Patrick Schleizer
|
e3355843c8
|
fix
|
2019-12-21 05:51:22 -05:00 |
|
Patrick Schleizer
|
234ec5fe93
|
fix
|
2019-12-21 05:47:35 -05:00 |
|
Patrick Schleizer
|
65b5adb2d7
|
bumped changelog version
|
2019-12-21 05:38:39 -05:00 |
|
Patrick Schleizer
|
7ff900c204
|
fix
|
2019-12-21 05:37:43 -05:00 |
|
Patrick Schleizer
|
2b5a49a61b
|
bumped changelog version
|
2019-12-21 05:31:55 -05:00 |
|
Patrick Schleizer
|
e1a5ee4bcf
|
output
|
2019-12-21 05:26:55 -05:00 |
|
Patrick Schleizer
|
66aaf3e22c
|
output
|
2019-12-21 05:25:54 -05:00 |
|
Patrick Schleizer
|
7aa7d0b5a0
|
improve error handling
|
2019-12-21 05:22:27 -05:00 |
|
Patrick Schleizer
|
8919d38de9
|
disable debugging
|
2019-12-21 05:21:46 -05:00 |
|
Patrick Schleizer
|
cf5dee64fd
|
refactoring
|
2019-12-21 05:18:34 -05:00 |
|
Patrick Schleizer
|
29cd9a0c38
|
fix
|
2019-12-21 05:17:35 -05:00 |
|
Patrick Schleizer
|
486027a4d7
|
fix
|
2019-12-21 05:15:38 -05:00 |
|
Patrick Schleizer
|
1fd26be864
|
fix
|
2019-12-21 05:14:51 -05:00 |
|
Patrick Schleizer
|
0fc97c37be
|
fix
|
2019-12-21 05:14:39 -05:00 |
|
Patrick Schleizer
|
1018d5b3b0
|
output
|
2019-12-21 05:11:51 -05:00 |
|
Patrick Schleizer
|
4388fc4d5a
|
refactoring
|
2019-12-21 05:11:19 -05:00 |
|
Patrick Schleizer
|
ed20980f4c
|
refactoring
|
2019-12-21 05:07:10 -05:00 |
|
Patrick Schleizer
|
315ce86b9a
|
refactoring
|
2019-12-21 04:33:03 -05:00 |
|
Patrick Schleizer
|
0c5848494b
|
do not remount if already has intended mount options
|
2019-12-21 04:21:26 -05:00 |
|
Patrick Schleizer
|
203f4ad46e
|
refactoring
|
2019-12-21 04:17:10 -05:00 |
|
Patrick Schleizer
|
e7fd0dadb0
|
output
|
2019-12-21 04:09:35 -05:00 |
|
Patrick Schleizer
|
e6ea21c775
|
record existing modes in separate dpkg-statoverwrite databases
to have a history of what was modified and to allow to undo changes
|
2019-12-21 04:08:35 -05:00 |
|
Patrick Schleizer
|
89be5f2ecb
|
bumped changelog version
|
2019-12-21 02:05:39 -05:00 |
|
Patrick Schleizer
|
d220bb3bc4
|
suid /usr/lib/chromium/chrome-sandbox whitelist
|
2019-12-20 13:07:01 -05:00 |
|
Patrick Schleizer
|
77b3dd5d6b
|
comments
|
2019-12-20 13:02:33 -05:00 |
|
Patrick Schleizer
|
d7bd477e73
|
add "/usr/lib/xorg/Xorg.wrap whitelist"
until this is researched
https://manpages.debian.org/buster/xserver-xorg-legacy/Xorg.wrap.1.en.html
https://lwn.net/Articles/590315/
|
2019-12-20 12:59:27 -05:00 |
|
Patrick Schleizer
|
17e8605119
|
add matchwhitelist feature
add "/usr/lib/virtualbox/ matchwhitelist"
|
2019-12-20 12:57:24 -05:00 |
|
Patrick Schleizer
|
3fab387669
|
suid /usr/bin/firejail whitelist
There is a controversy about firejail but those who choose to install it
should be able to use it.
https://www.whonix.org/wiki/Dev/Firejail#Security
|
2019-12-20 12:50:35 -05:00 |
|
Patrick Schleizer
|
d3f16a5bf4
|
sgid /usr/lib/qubes/qfile-unpacker whitelist
|
2019-12-20 12:47:10 -05:00 |
|
Patrick Schleizer
|
508ec0c6fa
|
comment
|
2019-12-20 12:34:07 -05:00 |
|
Patrick Schleizer
|
1b569ea790
|
comment
|
2019-12-20 12:32:36 -05:00 |
|
Patrick Schleizer
|
f88ca25889
|
fix terminology, sguid -> sgid
Thanks to @madaidan for the bug report!
https://forums.whonix.org/t/permission-hardening/8655/21
|
2019-12-20 11:58:07 -05:00 |
|
Patrick Schleizer
|
1cd5fb6a00
|
bumped changelog version
|
2019-12-20 11:50:25 -05:00 |
|
Patrick Schleizer
|
ff0a26fb5d
|
comment
|
2019-12-20 11:49:19 -05:00 |
|
Patrick Schleizer
|
71496a33ab
|
skip folders are these are not suid / guid
|
2019-12-20 11:47:53 -05:00 |
|
Patrick Schleizer
|
9321ecff41
|
no more need to add/remove /
|
2019-12-20 11:43:53 -05:00 |
|