Protect shell startup files

author: netblue30 <netblue30@yahoo.com> 2015-10-30 08:55:25 -0400
committer: netblue30 <netblue30@yahoo.com> 2015-10-30 08:55:25 -0400
commit: 2b37849dbdc1e7be2fac0756a39de8e54b40ae2c (patch)
tree: 7ddf41d4c3b53176aa978ddd63384e009125bd1b
parent: release 0.9.34-rc1 testing (diff)
download: firejail-2b37849dbdc1e7be2fac0756a39de8e54b40ae2c.tar.gz
firejail-2b37849dbdc1e7be2fac0756a39de8e54b40ae2c.tar.zst
firejail-2b37849dbdc1e7be2fac0756a39de8e54b40ae2c.zip
4 files changed, 45 insertions, 10 deletions
diff --git a/README b/README
index c2702f075..9edc65b11 100644
--- a/README
+++ b/README
@@ -18,6 +18,8 @@ License: GPL v2
 Firejail Authors:
 netblue30 (netblue30@yahoo.com)
+Daan Bakker (https://github.com/dbakker)
+        - protect shell startup files
 Duncan Overbruck (https://github.com/Duncaen)
        - musl libc fix
 andrew160 (https://github.com/andrew160)
diff --git a/configure b/configure
index 0b81d4839..72f604573 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for firejail 0.9.34-rc1.
+# Generated by GNU Autoconf 2.69 for firejail 0.9.34-rc2.
 #
 # Report bugs to <netblue30@yahoo.com>.
 #
@@ -580,8 +580,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='firejail'
 PACKAGE_TARNAME='firejail'
-PACKAGE_VERSION='0.9.34-rc1'
+PACKAGE_VERSION='0.9.34-rc2'
-PACKAGE_STRING='firejail 0.9.34-rc1'
+PACKAGE_STRING='firejail 0.9.34-rc2'
 PACKAGE_BUGREPORT='netblue30@yahoo.com'
 PACKAGE_URL='http://github.com/netblue30/firejail'
@@ -1238,7 +1238,7 @@ if test "$ac_init_help" = "long"; then
  # Omit some internal or obsolete options to make the list less imposing.
  # This message is too long to be a string in the A/UX 3.1 sh.
  cat <<_ACEOF
-\`configure' configures firejail 0.9.34-rc1 to adapt to many kinds of systems.
+\`configure' configures firejail 0.9.34-rc2 to adapt to many kinds of systems.
 Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1299,7 +1299,7 @@ fi
 if test -n "$ac_init_help"; then
  case $ac_init_help in
-     short | recursive ) echo "Configuration of firejail 0.9.34-rc1:";;
+     short | recursive ) echo "Configuration of firejail 0.9.34-rc2:";;
   esac
  cat <<\_ACEOF
@@ -1389,7 +1389,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
  cat <<\_ACEOF
-firejail configure 0.9.34-rc1
+firejail configure 0.9.34-rc2
 generated by GNU Autoconf 2.69
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1691,7 +1691,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
-It was created by firejail $as_me 0.9.34-rc1, which was
+It was created by firejail $as_me 0.9.34-rc2, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
  $ $0 $@
@@ -4102,7 +4102,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by firejail $as_me 0.9.34-rc1, which was
+This file was extended by firejail $as_me 0.9.34-rc2, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
  CONFIG_FILES    = $CONFIG_FILES
@@ -4156,7 +4156,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-firejail config.status 0.9.34-rc1
+firejail config.status 0.9.34-rc2
 configured by $0, generated by GNU Autoconf 2.69,
  with options \\"\$ac_cs_config\\"
diff --git a/configure.ac b/configure.ac
index 70a1ce3ec..352cf0d12 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 AC_PREREQ([2.68])
-AC_INIT(firejail, 0.9.34-rc1, netblue30@yahoo.com, , http://github.com/netblue30/firejail)
+AC_INIT(firejail, 0.9.34-rc2, netblue30@yahoo.com, , http://github.com/netblue30/firejail)
 AC_CONFIG_SRCDIR([src/firejail/main.c])
 #AC_CONFIG_HEADERS([config.h])
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index ece906717..87a979034 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -76,3 +76,36 @@ blacklist /etc/profile.d
 blacklist /etc/rc.local
 blacklist /etc/anacrontab
+# General startup files
+read-only ${HOME}/.xinitrc
+read-only ${HOME}/.xserverrc
+read-only ${HOME}/.profile
+# Shell startup files
+read-only ${HOME}/.bash_login
+read-only ${HOME}/.bashrc
+read-only ${HOME}/.bash_profile
+read-only ${HOME}/.bash_logout
+read-only ${HOME}/.zshrc
+read-only ${HOME}/.zlogin
+read-only ${HOME}/.zprofile
+read-only ${HOME}/.zlogout
+read-only ${HOME}/.zsh_files
+read-only ${HOME}/.tcshrc
+read-only ${HOME}/.cshrc
+read-only ${HOME}/.csh_files
+# Initialization files that allow arbitrary command execution
+read-only ${HOME}/.mailcap
+read-only ${HOME}/.exrc
+read-only ${HOME}/.vimrc
+read-only ${HOME}/.vim
+read-only ${HOME}/.emacs
+read-only ${HOME}/.tmux.conf
+read-only ${HOME}/.iscreenrc
+read-only ${HOME}/.muttrc
+read-only ${HOME}/.xmonad
+# The user ~/bin directory can override commands such as ls
+read-only ${HOME}/bin
author	netblue30 <netblue30@yahoo.com>	2015-10-30 08:55:25 -0400
committer	netblue30 <netblue30@yahoo.com>	2015-10-30 08:55:25 -0400
commit	2b37849dbdc1e7be2fac0756a39de8e54b40ae2c (patch)
tree	7ddf41d4c3b53176aa978ddd63384e009125bd1b
parent	release 0.9.34-rc1 testing (diff)
download	firejail-2b37849dbdc1e7be2fac0756a39de8e54b40ae2c.tar.gz firejail-2b37849dbdc1e7be2fac0756a39de8e54b40ae2c.tar.zst firejail-2b37849dbdc1e7be2fac0756a39de8e54b40ae2c.zip