From 071b984a1eaaa8a8ea6a40e4ee36eabcde2d630d Mon Sep 17 00:00:00 2001
From: Patrick Schleizer <adrelanos@whonix.org>
Date: Wed, 17 Jan 2024 13:49:05 -0500
Subject: [PATCH] `sort -d`

https://github.com/Kicksecure/security-misc/issues/190
---
 etc/permission-hardener.d/30_default.conf | 41 +++++++++--------------
 1 file changed, 15 insertions(+), 26 deletions(-)

diff --git a/etc/permission-hardener.d/30_default.conf b/etc/permission-hardener.d/30_default.conf
index 5db32b2..d35ee5a 100644
--- a/etc/permission-hardener.d/30_default.conf
+++ b/etc/permission-hardener.d/30_default.conf
@@ -91,34 +91,23 @@
 ##
 ## Remove all SUID/SGID binaries/libraries.
 
-/usr/local/bin/ nosuid
-
-/usr/bin/ nosuid
-/usr/local/usr/bin/ nosuid
-
-/usr/local/sbin/ nosuid
-
-/usr/sbin/ nosuid
-/usr/local/usr/sbin/ nosuid
-
-/usr/local/lib/ nosuid
-
-/usr/local/lib32/ nosuid
-
-/usr/local/lib64/ nosuid
-
-/usr/lib/ nosuid
-/usr/local/usr/lib/ nosuid
-
-/usr/lib32/ nosuid
-/usr/local/usr/lib32/ nosuid
-
-/usr/lib64/ nosuid
-/usr/local/usr/lib64/ nosuid
-
-## https://forums.whonix.org/t/suid-disabler-and-permission-hardener/7706/68
 /opt/ nosuid
+/usr/bin/ nosuid
+/usr/lib32/ nosuid
+/usr/lib64/ nosuid
+/usr/lib/ nosuid
+/usr/local/bin/ nosuid
+/usr/local/lib32/ nosuid
+/usr/local/lib64/ nosuid
+/usr/local/lib/ nosuid
 /usr/local/opt/ nosuid
+/usr/local/sbin/ nosuid
+/usr/local/usr/bin/ nosuid
+/usr/local/usr/lib32/ nosuid
+/usr/local/usr/lib64/ nosuid
+/usr/local/usr/lib/ nosuid
+/usr/local/usr/sbin/ nosuid
+/usr/sbin/ nosuid
 
 ######################################################################
 # Capability Removal