mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-12-22 20:43:36 +07:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #285 from Kicksecure/permission-hardener-mount

Browse Source 
Permission Hardener: treat mount same as umount
This commit is contained in:
Patrick Schleizer 2024-12-14 15:18:56 -05:00 committed by GitHub
commit 9d06341c91
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
etc/permission-hardener.d/25_default_whitelist_mount.conf
View File

@ -10,8 +10,12 @@
## SUID will be removed below in separate step.
/bin/mount exactwhitelist
/usr/bin/mount exactwhitelist
/bin/umount exactwhitelist
/usr/bin/umount exactwhitelist
## Remove SUID from 'mount' but keep executable.
## https://forums.whonix.org/t/disable-suid-binaries/7706/61
/bin/mount 745 root root
/usr/bin/mount 745 root root
/bin/mount 755 root root
/usr/bin/mount 755 root root
/bin/umount 755 root root
/usr/bin/umount 755 root root