Patrick Schleizer
f4b1df02ee
Remove suid / gid and execute permission for 'group' and 'others'.
...
Similar to: chmod og-ugx /path/to/filename
Removing execution permission is useful to make binaries such as 'su' fail closed rather
than fail open if suid was removed from these.
Do not remove read access since no security benefit and easier to manually undo for users.
chmod 744
2019-12-22 19:42:40 -05:00
Patrick Schleizer
d300db3cde
output
2019-12-21 14:45:11 -05:00
Patrick Schleizer
3921846df6
comment
2019-12-21 14:36:42 -05:00
Patrick Schleizer
b74e5ca972
comment
2019-12-21 07:47:00 -05:00
Patrick Schleizer
8fb17624bc
comment
2019-12-21 07:44:51 -05:00
Patrick Schleizer
c336bc4fd2
comment
2019-12-21 06:39:13 -05:00
Patrick Schleizer
b5f88efe20
fix
2019-12-21 06:27:01 -05:00
Patrick Schleizer
2088628c8d
debugging
2019-12-21 06:24:08 -05:00
Patrick Schleizer
2dca031527
debugging
2019-12-21 06:22:46 -05:00
Patrick Schleizer
195e00cc87
output
2019-12-21 06:16:38 -05:00
Patrick Schleizer
4b21b6df41
fix
2019-12-21 06:11:44 -05:00
Patrick Schleizer
8436da2b7b
output
2019-12-21 05:58:50 -05:00
Patrick Schleizer
da15265e1c
fix
2019-12-21 05:55:23 -05:00
Patrick Schleizer
2a248fe0de
fix
2019-12-21 05:54:39 -05:00
Patrick Schleizer
4f12664362
output
2019-12-21 05:54:07 -05:00
Patrick Schleizer
e3355843c8
fix
2019-12-21 05:51:22 -05:00
Patrick Schleizer
234ec5fe93
fix
2019-12-21 05:47:35 -05:00
Patrick Schleizer
7ff900c204
fix
2019-12-21 05:37:43 -05:00
Patrick Schleizer
e6ea21c775
record existing modes in separate dpkg-statoverride databases
...
to have a history of what was modified and to allow to undo changes
2019-12-21 04:08:35 -05:00
Patrick Schleizer
17e8605119
add matchwhitelist feature
...
add "/usr/lib/virtualbox/ matchwhitelist"
2019-12-20 12:57:24 -05:00
Patrick Schleizer
1b569ea790
comment
2019-12-20 12:32:36 -05:00
Patrick Schleizer
f88ca25889
fix terminology, sguid -> sgid
...
Thanks to @madaidan for the bug report!
https://forums.whonix.org/t/permission-hardening/8655/21
2019-12-20 11:58:07 -05:00
Patrick Schleizer
ff0a26fb5d
comment
2019-12-20 11:49:19 -05:00
Patrick Schleizer
71496a33ab
skip folders as these are not suid / guid
2019-12-20 11:47:53 -05:00
Patrick Schleizer
9321ecff41
no more need to add/remove /
2019-12-20 11:43:53 -05:00
Patrick Schleizer
b95225b6a6
pipefail
2019-12-20 11:37:05 -05:00
Patrick Schleizer
cad6f328f4
minor
2019-12-20 11:34:44 -05:00
Patrick Schleizer
3265f9894d
output
2019-12-20 11:27:43 -05:00
Patrick Schleizer
1615ebec58
output
2019-12-20 11:07:44 -05:00
Patrick Schleizer
1e11b775cf
output
2019-12-20 11:05:05 -05:00
Patrick Schleizer
731f802895
output
2019-12-20 11:04:12 -05:00
Patrick Schleizer
cd8efe5800
output
2019-12-20 11:03:22 -05:00
Patrick Schleizer
b31abea0af
improve error handling
2019-12-20 10:49:31 -05:00
Patrick Schleizer
79cd3b86b6
comment
2019-12-20 10:47:23 -05:00
Patrick Schleizer
b3458cc6ee
fix checking existing entries to avoid needless calls to dpkg-statoverride
2019-12-20 10:45:59 -05:00
Patrick Schleizer
370f3c5e54
comment
2019-12-20 10:35:05 -05:00
Patrick Schleizer
133d09f298
output
2019-12-20 10:33:16 -05:00
Patrick Schleizer
1ffa8e197e
speed up setuid removal by using find with '-perm /u=s,g=s'
...
https://forums.whonix.org/t/permission-hardening/8655/19
2019-12-20 10:31:26 -05:00
Patrick Schleizer
4cfdf2c65b
fix, re-enforce nosuid even if changed on the disk
2019-12-20 10:21:27 -05:00
Patrick Schleizer
e36868e675
output
2019-12-20 10:02:46 -05:00
Patrick Schleizer
50b8f65490
add sanity test: count if we really processed all files
2019-12-20 09:59:28 -05:00
Patrick Schleizer
55faa7b997
fix missing processing files bug
...
https://forums.whonix.org/t/permission-hardening/8655/16
2019-12-20 09:43:23 -05:00
Patrick Schleizer
fbe2479f48
count processed file system objects
...
to be able to verify if any were "forgotten"
2019-12-20 08:54:56 -05:00
Patrick Schleizer
195ea522f5
fix
2019-12-20 08:52:14 -05:00
Patrick Schleizer
6f8231be70
debugging
2019-12-20 08:51:55 -05:00
Patrick Schleizer
ed50f98010
output
2019-12-20 08:47:22 -05:00
Patrick Schleizer
6d30e3b4a2
do not remove suid from whitelisted binaries ever
...
https://forums.whonix.org/t/permission-hardening/8655/13
2019-12-20 08:13:23 -05:00
Patrick Schleizer
d5f1bd8dd2
fix mode sanity check
...
no longer use seq due to issue
https://forums.whonix.org/t/permission-hardening/8655/13
2019-12-20 08:02:30 -05:00
Patrick Schleizer
050f4d8b94
comment
2019-12-20 06:34:37 -05:00
Patrick Schleizer
36043fe5cc
comment
2019-12-20 06:33:41 -05:00