mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-12-29 10:56:12 -05:00
abf72c2ee4
Hardener as the script is the agent that is hardening the file permissions.
19 lines
725 B
Plaintext
19 lines
725 B
Plaintext
## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
|
|
## See the file COPYING for copying conditions.
|
|
|
|
## Please use "/etc/permission-hardener.d/20_user.conf" or
|
|
## "/usr/local/etc/permission-hardener.d/20_user.conf" for your custom
|
|
## configuration. When security-misc is updated, this file may be overwritten.
|
|
|
|
## TODO: research
|
|
## https://github.com/QubesOS/qubes-core-agent-linux/blob/master/qubes-rpc/qfile-unpacker.c
|
|
##
|
|
## Qubes upstream security issue:
|
|
## qfile-unpacker allows unprivileged users in VMs to gain root privileges
|
|
## https://github.com/QubesOS/qubes-issues/issues/8633
|
|
##
|
|
## match both:
|
|
#/usr/lib/qubes/qfile-unpacker whitelist
|
|
#/lib/qubes/qfile-unpacker
|
|
qfile-unpacker matchwhitelist
|