mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-01-22 02:17:04 +07:00
Code Issues Packages Projects Releases Wiki Activity

https://forums.whonix.org/t/restrict-root-access/7658/116

Browse Source
This commit is contained in:
Patrick Schleizer 2021-06-20 10:16:33 -04:00
parent 419f1d89c2
commit eff5af0318
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
etc/permission-hardening.d/25_default_sudo.conf
View File

@ -5,6 +5,7 @@
## "/usr/local/etc/permission-hardening.d/20_user.conf" for your custom
## configuration. When security-misc is updated, this file may be overwritten.
## https://forums.whonix.org/t/restrict-root-access/7658/116
## This restricts the file permissions of the sudo executable so that a vulnerability
## in the program will not be exploitable by any users not in the "sudo" group. sudo
## is a very complex program and is setuid so vulnerabilities in it can allow privilege
@ -15,5 +16,5 @@
## the "sudo" group could exploit such vulnerabilities. For example, this would prevent a
## compromised network-facing daemon (such as web servers, time synchronization daemons,
## etc.) running as its own user from exploiting sudo to escalate privileges.
/usr/bin/sudo 4750 root sudo
/bin/sudo 4750 root sudo
#/usr/bin/sudo 4750 root sudo
#/bin/sudo 4750 root sudo