author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-10-11 07:18:04 -0300 |
---|---|---|
committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-10-11 07:18:04 -0300 |
commit | 741dac237cebcf144baee5274df18741558c55c4 (patch) | |
tree | 0da7392ec3aca5ce194e890c066d4fa0c226ee1b | |
parent | pavucontrol-qt: fix broken whitelisting in ${HOME} (#6045) (diff) | |
disable-common.inc: sort suid section
-rw-r--r-- | etc/inc/disable-common.inc | 68 |
1 files changed, 34 insertions, 34 deletions
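--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -504,6 +504,7 @@ blacklist /usr/sbin
 
 # system management and various SUID executables
 blacklist ${PATH}/at
+blacklist ${PATH}/bmon
 blacklist ${PATH}/busybox
 blacklist ${PATH}/chage
 blacklist ${PATH}/chfn
@@ -512,71 +513,70 @@ blacklist ${PATH}/crontab
 blacklist ${PATH}/doas
 blacklist ${PATH}/evtest
 blacklist ${PATH}/expiry
+blacklist ${PATH}/fping
+blacklist ${PATH}/fping6
 blacklist ${PATH}/fusermount
 blacklist ${PATH}/gksu
 blacklist ${PATH}/gksudo
 blacklist ${PATH}/gpasswd
+blacklist ${PATH}/hostname
+#blacklist ${PATH}/ip # breaks --ip=dhcp
 blacklist ${PATH}/kdesudo
 blacklist ${PATH}/ksu
 blacklist ${PATH}/mount
 blacklist ${PATH}/mount.ecryptfs_private
 blacklist ${PATH}/mountpoint
+blacklist ${PATH}/mtr
+blacklist ${PATH}/mtr-packet
 blacklist ${PATH}/nc
-blacklist ${PATH}/nc.traditional
 blacklist ${PATH}/nc.openbsd
+blacklist ${PATH}/nc.traditional
 blacklist ${PATH}/ncat
-blacklist ${PATH}/nmap
+blacklist ${PATH}/netstat
+blacklist ${PATH}/networkctl
 blacklist ${PATH}/newgidmap
 blacklist ${PATH}/newgrp
 blacklist ${PATH}/newuidmap
+blacklist ${PATH}/nm-online
+blacklist ${PATH}/nmap
+blacklist ${PATH}/nmcli
+blacklist ${PATH}/nmtui
+blacklist ${PATH}/nmtui-connect
+blacklist ${PATH}/nmtui-edit
+blacklist ${PATH}/nmtui-hostname
 blacklist ${PATH}/ntfs-3g
+blacklist ${PATH}/passwd
+blacklist ${PATH}/physlock
 blacklist ${PATH}/pkexec
+blacklist ${PATH}/pmount
 blacklist ${PATH}/procmail
+blacklist ${PATH}/pumount
+blacklist ${PATH}/schroot
 blacklist ${PATH}/sg
+blacklist ${PATH}/slock
+blacklist ${PATH}/ss
 blacklist ${PATH}/strace
 blacklist ${PATH}/su
 blacklist ${PATH}/sudo
+blacklist ${PATH}/suexec
 blacklist ${PATH}/tcpdump
+blacklist ${PATH}/traceroute
 blacklist ${PATH}/umount
 blacklist ${PATH}/unix_chkpwd
+blacklist ${PATH}/wshowkeys
 blacklist ${PATH}/xev
 blacklist ${PATH}/xinput
-blacklist /usr/lib/openssh
-blacklist /usr/lib/ssh
-blacklist /usr/libexec/openssh
-blacklist ${PATH}/passwd
-blacklist /usr/lib/xorg/Xorg.wrap
-blacklist /usr/lib/policykit-1/polkit-agent-helper-1
+blacklist /usr/lib/chromium/chrome-sandbox
 blacklist /usr/lib/dbus-1.0/dbus-daemon-launch-helper
 blacklist /usr/lib/eject/dmcrypt-get-device
-blacklist /usr/lib/chromium/chrome-sandbox
+blacklist /usr/lib/openssh
 blacklist /usr/lib/opera/opera_sandbox
-blacklist /usr/lib/vmware
-blacklist ${PATH}/suexec
+blacklist /usr/lib/policykit-1/polkit-agent-helper-1
 blacklist /usr/lib/squid/basic_pam_auth
-blacklist ${PATH}/slock
-blacklist ${PATH}/physlock
-blacklist ${PATH}/schroot
-blacklist ${PATH}/wshowkeys
-blacklist ${PATH}/pmount
-blacklist ${PATH}/pumount
-blacklist ${PATH}/bmon
-blacklist ${PATH}/fping
-blacklist ${PATH}/fping6
-blacklist ${PATH}/hostname
-#blacklist ${PATH}/ip # breaks --ip=dhcp
-blacklist ${PATH}/mtr
-blacklist ${PATH}/mtr-packet
-blacklist ${PATH}/netstat
-blacklist ${PATH}/nm-online
-blacklist ${PATH}/nmcli
-blacklist ${PATH}/nmtui
-blacklist ${PATH}/nmtui-connect
-blacklist ${PATH}/nmtui-edit
-blacklist ${PATH}/nmtui-hostname
-blacklist ${PATH}/networkctl
-blacklist ${PATH}/ss
-blacklist ${PATH}/traceroute
+blacklist /usr/lib/ssh
+blacklist /usr/lib/vmware
+blacklist /usr/lib/xorg/Xorg.wrap
+blacklist /usr/libexec/openssh
 # since firejail version 0.9.73
 blacklist ${PATH}/dpkg*
 blacklist ${PATH}/apt*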
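Review bot: The section header `# system management and various SUID executables` no longer describes the merged list. The network tools that used to sit together at the end (bmon, fping, netstat, nmcli, ss, traceroute and others) are now interleaved with the privilege-related binaries, and nothing states why they are blocked or that the list should stay sorted. I would reword the header to something like `# system management, network tools and various SUID executables (keep sorted: ${PATH} entries first, then absolute paths)`. The commented-out `#blacklist ${PATH}/ip # breaks --ip=dhcp` now sits mid-list, so its trailing reason should be kept intact to stop a later cleanup from re-enabling it. The set of blacklisted paths looks unchanged (34 lines added, 34 removed), so this is a documentation point only.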