diff options
author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-10-11 07:20:04 -0300 |
---|---|---|
committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-10-11 07:26:43 -0300 |
commit | c4f5a07d20d989c1155fcd0fb863bbaa5d6ab36a (patch) | |
tree | 91bb5a7125e7e66ac00a7fd1ca76c69e8ea31bfe | |
parent | disable-common.inc: sort suid section (diff) | |
download | firejail-c4f5a07d20d989c1155fcd0fb863bbaa5d6ab36a.tar.gz firejail-c4f5a07d20d989c1155fcd0fb863bbaa5d6ab36a.tar.zst firejail-c4f5a07d20d989c1155fcd0fb863bbaa5d6ab36a.zip |
disable-common.inc: add more suid programs
Programs:
$ pacman -Qo fusermount3 groupmems mount.cifs wall write
/usr/bin/fusermount3 is owned by fuse3 3.16.1-1
/usr/bin/groupmems is owned by shadow 4.14.0-4
/usr/bin/mount.cifs is owned by cifs-utils 7.0-3
/usr/bin/wall is owned by util-linux 2.39.2-1
/usr/bin/write is owned by util-linux 2.39.2-1
-rw-r--r-- | etc/inc/disable-common.inc | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc index d42ec5964..021c5bd20 100644 --- a/etc/inc/disable-common.inc +++ b/etc/inc/disable-common.inc | |||
@@ -515,16 +515,17 @@ blacklist ${PATH}/evtest | |||
515 | blacklist ${PATH}/expiry | 515 | blacklist ${PATH}/expiry |
516 | blacklist ${PATH}/fping | 516 | blacklist ${PATH}/fping |
517 | blacklist ${PATH}/fping6 | 517 | blacklist ${PATH}/fping6 |
518 | blacklist ${PATH}/fusermount | 518 | blacklist ${PATH}/fusermount* |
519 | blacklist ${PATH}/gksu | 519 | blacklist ${PATH}/gksu |
520 | blacklist ${PATH}/gksudo | 520 | blacklist ${PATH}/gksudo |
521 | blacklist ${PATH}/gpasswd | 521 | blacklist ${PATH}/gpasswd |
522 | blacklist ${PATH}/groupmems | ||
522 | blacklist ${PATH}/hostname | 523 | blacklist ${PATH}/hostname |
523 | #blacklist ${PATH}/ip # breaks --ip=dhcp | 524 | #blacklist ${PATH}/ip # breaks --ip=dhcp |
524 | blacklist ${PATH}/kdesudo | 525 | blacklist ${PATH}/kdesudo |
525 | blacklist ${PATH}/ksu | 526 | blacklist ${PATH}/ksu |
526 | blacklist ${PATH}/mount | 527 | blacklist ${PATH}/mount |
527 | blacklist ${PATH}/mount.ecryptfs_private | 528 | blacklist ${PATH}/mount.* |
528 | blacklist ${PATH}/mountpoint | 529 | blacklist ${PATH}/mountpoint |
529 | blacklist ${PATH}/mtr | 530 | blacklist ${PATH}/mtr |
530 | blacklist ${PATH}/mtr-packet | 531 | blacklist ${PATH}/mtr-packet |
@@ -563,6 +564,8 @@ blacklist ${PATH}/tcpdump | |||
563 | blacklist ${PATH}/traceroute | 564 | blacklist ${PATH}/traceroute |
564 | blacklist ${PATH}/umount | 565 | blacklist ${PATH}/umount |
565 | blacklist ${PATH}/unix_chkpwd | 566 | blacklist ${PATH}/unix_chkpwd |
567 | blacklist ${PATH}/wall | ||
568 | blacklist ${PATH}/write | ||
566 | blacklist ${PATH}/wshowkeys | 569 | blacklist ${PATH}/wshowkeys |
567 | blacklist ${PATH}/xev | 570 | blacklist ${PATH}/xev |
568 | blacklist ${PATH}/xinput | 571 | blacklist ${PATH}/xinput |