security-misc/usr/lib
Ashlen 94dc9da4ab
fix(permission-hardener): ssh-agent gets 755 perms

Replace the commented-out matchwhitelist entry for ssh-agent with an
explicit permission entry (755) for /usr/bin/ssh-agent.

When ssh-agent's matchwhitelist entry was commented out in commit
7a5f8b87af, permission-hardener began resetting it to restrictive
defaults (744), preventing non-root users from executing ssh-agent. This
broke split SSH functionality in Qubes OS for me because I was using
Kicksecure in the vault qube, and ssh-agent runs under a non-root user in
that configuration (see https://forum.qubes-os.org/t/split-ssh/19060).

As noted in the comment, Debian installs with 2755 permissions as a way
to mitigate ptrace attacks, but this rationale doesn't apply due to
kernel.yama.ptrace_scope=2 being set in Kicksecure.
2025-05-20 18:04:46 -06:00
dracut/modules.d-disabled/20remount-secure copyright 2024-12-31 13:26:21 -05:00
issue.d move to /usr/lib/issue.d/20_security-misc.issue 2023-12-04 11:38:49 -05:00
modules-load.d comments 2025-04-08 06:53:08 -04:00
NetworkManager/conf.d copyright 2024-12-31 13:26:21 -05:00
permission-hardener.d fix(permission-hardener): ssh-agent gets 755 perms 2025-05-20 18:04:46 -06:00
sysctl.d Update docs on kernel panics 2025-02-03 00:31:45 +00:00
systemd Disable pstore processing by systemd-pstore service 2025-03-16 03:28:39 +00:00