From 253578afdf9a4aeb8c5495ca815d0326086dc986 Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Mon, 13 Apr 2020 06:50:32 -0400 Subject: [PATCH] /etc/security/access-security-misc.conf white list ttyS0 etc. ttyS0 ttyS1 ttyS2 ttyS3 ttyS4 ttyS5 ttyS6 ttyS7 ttyS8 ttyS9 Thanks to @subpar_marlin for the bug report and helping to fix this! https://forums.whonix.org/t/how-do-i-enter-the-whonix-shell-from-cli/7271/43 https://forums.whonix.org/t/etc-security-hardening/8592 --- etc/security/access-security-misc.conf | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/etc/security/access-security-misc.conf b/etc/security/access-security-misc.conf index b0e9974..bcbdba3 100644 --- a/etc/security/access-security-misc.conf +++ b/etc/security/access-security-misc.conf @@ -24,11 +24,14 @@ ## - 'tty1' to 'tty7' ## - 'pts/0' to 'pts/9' ## - 'hvc0' to 'hvc9' -+:console:console tty1 tty2 tty3 tty4 tty5 tty6 tty7 pts/0 pts/1 pts/2 pts/3 pts/4 pts/5 pts/6 pts/7 pts/8 pts/9 hvc0 hvc1 hvc2 hvc3 hvc4 hvc5 hvc6 hvc7 hvc8 hvc9 +## serial console +## https://forums.whonix.org/t/how-do-i-enter-the-whonix-shell-from-cli/7271/43 +## - 'ttyS0' to 'ttyS9' ++:console:console tty1 tty2 tty3 tty4 tty5 tty6 tty7 pts/0 pts/1 pts/2 pts/3 pts/4 pts/5 pts/6 pts/7 pts/8 pts/9 hvc0 hvc1 hvc2 hvc3 hvc4 hvc5 hvc6 hvc7 hvc8 hvc9 ttyS0 ttyS1 ttyS2 ttyS3 ttyS4 ttyS5 ttyS6 ttyS7 ttyS8 ttyS9 ## Same as above also for members of group `sudo`. ## https://github.com/Whonix/security-misc/pull/74#issuecomment-607748407 -+:sudo:console tty1 tty2 tty3 tty4 tty5 tty6 tty7 pts/0 pts/1 pts/2 pts/3 pts/4 pts/5 pts/6 pts/7 pts/8 pts/9 hvc0 hvc1 hvc2 hvc3 hvc4 hvc5 hvc6 hvc7 hvc8 hvc9 ++:sudo:console tty1 tty2 tty3 tty4 tty5 tty6 tty7 pts/0 pts/1 pts/2 pts/3 pts/4 pts/5 pts/6 pts/7 pts/8 pts/9 hvc0 hvc1 hvc2 hvc3 hvc4 hvc5 hvc6 hvc7 hvc8 hvc9 ttyS0 ttyS1 ttyS2 ttyS3 ttyS4 ttyS5 ttyS6 ttyS7 ttyS8 ttyS9 ## Everyone else except members of group 'console-unrestricted' ## are restricted from everything else.