blacklisted common suid programms

author: valoq <valoq@mailbox.org> 2016-10-19 18:09:30 +0200
committer: valoq <valoq@mailbox.org> 2016-10-19 18:09:30 +0200
commit: b53b92cb0d21ca137b340c3d9a47a53d6cb00c45 (patch)
tree: c8b3703b49b56d2bd9ddb6aefb99f7f5b291721b /etc/disable-common.inc
parent: added profiles (diff)
download: firejail-b53b92cb0d21ca137b340c3d9a47a53d6cb00c45.tar.gz
firejail-b53b92cb0d21ca137b340c3d9a47a53d6cb00c45.tar.zst
firejail-b53b92cb0d21ca137b340c3d9a47a53d6cb00c45.zip
1 files changed, 26 insertions, 0 deletions
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index 4f854c8d8..506d4e258 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -172,3 +172,29 @@ blacklist ${PATH}/roxterm-config
 blacklist ${PATH}/terminix
 blacklist ${PATH}/urxvtc
 blacklist ${PATH}/urxvtcd
+# disable common suid programms
+blacklist ${PATH}/firejail
+blacklist ${PATH}/sudo
+blacklist ${PATH}/su
+blacklist ${PATH}/mount
+blacklist ${PATH}/umount
+blacklist ${PATH}/fusermount
+blacklist ${PATH}/passwd
+blacklist ${PATH}/gpasswd
+blacklist ${PATH}/newgidmap
+blacklist ${PATH}/newgrp
+blacklist ${PATH}/newuidmap
+blacklist ${PATH}/pkexec
+blacklist ${PATH}/sg
+blacklist ${PATH}/rsh
+blacklist ${PATH}/rlogin
+blacklist ${PATH}/rcp
+blacklist ${PATH}/crontab
+blacklist ${PATH}/ksu
+blacklist ${PATH}/chsh
+blacklist ${PATH}/chfn
+blacklist ${PATH}/chage
+blacklist ${PATH}/expiry
+blacklist ${PATH}/ping
+blacklist ${PATH}/unix_chkpwd
author	valoq <valoq@mailbox.org>	2016-10-19 18:09:30 +0200
committer	valoq <valoq@mailbox.org>	2016-10-19 18:09:30 +0200
commit	b53b92cb0d21ca137b340c3d9a47a53d6cb00c45 (patch)
tree	c8b3703b49b56d2bd9ddb6aefb99f7f5b291721b /etc/disable-common.inc
parent	added profiles (diff)
download	firejail-b53b92cb0d21ca137b340c3d9a47a53d6cb00c45.tar.gz firejail-b53b92cb0d21ca137b340c3d9a47a53d6cb00c45.tar.zst firejail-b53b92cb0d21ca137b340c3d9a47a53d6cb00c45.zip

diff --git a/etc/disable-common.inc b/etc/disable-common.inc index 4f854c8d8..506d4e258 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc
@@ -172,3 +172,29 @@ blacklist ${PATH}/roxterm-config
172	blacklist ${PATH}/terminix	172	blacklist ${PATH}/terminix
173	blacklist ${PATH}/urxvtc	173	blacklist ${PATH}/urxvtc
174	blacklist ${PATH}/urxvtcd	174	blacklist ${PATH}/urxvtcd
		175
		176	# disable common suid programms
		177	blacklist ${PATH}/firejail
		178	blacklist ${PATH}/sudo
		179	blacklist ${PATH}/su
		180	blacklist ${PATH}/mount
		181	blacklist ${PATH}/umount
		182	blacklist ${PATH}/fusermount
		183	blacklist ${PATH}/passwd
		184	blacklist ${PATH}/gpasswd
		185	blacklist ${PATH}/newgidmap
		186	blacklist ${PATH}/newgrp
		187	blacklist ${PATH}/newuidmap
		188	blacklist ${PATH}/pkexec
		189	blacklist ${PATH}/sg
		190	blacklist ${PATH}/rsh
		191	blacklist ${PATH}/rlogin
		192	blacklist ${PATH}/rcp
		193	blacklist ${PATH}/crontab
		194	blacklist ${PATH}/ksu
		195	blacklist ${PATH}/chsh
		196	blacklist ${PATH}/chfn
		197	blacklist ${PATH}/chage
		198	blacklist ${PATH}/expiry
		199	blacklist ${PATH}/ping
		200	blacklist ${PATH}/unix_chkpwd