adding more SUID executables to disable-common.inc

author: netblue30 <netblue30@protonmail.com> 2021-11-04 14:35:08 -0400
committer: netblue30 <netblue30@protonmail.com> 2021-11-04 14:35:08 -0400
commit: d681e0e2d9548c56bf67131b9fe4a75d8e1b9060 (patch)
tree: 7c5d2dc58bfc53f1daaf2791c3a01e5ec8eeff3f /etc/inc/disable-common.inc
parent: README: bump debian stable codename (diff)
download: firejail-d681e0e2d9548c56bf67131b9fe4a75d8e1b9060.tar.gz
firejail-d681e0e2d9548c56bf67131b9fe4a75d8e1b9060.tar.zst
firejail-d681e0e2d9548c56bf67131b9fe4a75d8e1b9060.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc
index ae84ee38a..f3d685d18 100644
--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -458,7 +458,7 @@ blacklist /sbin
 blacklist /usr/local/sbin
 blacklist /usr/sbin
-# system management
+# system management and various SUID executables
 blacklist ${PATH}/at
 blacklist ${PATH}/busybox
 blacklist ${PATH}/chage
@@ -493,6 +493,12 @@ blacklist ${PATH}/umount
 blacklist ${PATH}/unix_chkpwd
 blacklist ${PATH}/xev
 blacklist ${PATH}/xinput
+blacklist /usr/lib/openssh/ssh-keysign
+blacklist ${PATH}/passwd
+blacklist /usr/lib/xorg/Xorg.wrap
+blacklist /usr/lib/policykit-1/polkit-agent-helper-1
+blacklist /usr/lib/dbus-1.0/dbus-daemon-launch-helper
+blacklist /usr/lib/eject/dmcrypt-get-device
 # other SUID binaries
 blacklist /usr/lib/virtualbox
author	netblue30 <netblue30@protonmail.com>	2021-11-04 14:35:08 -0400
committer	netblue30 <netblue30@protonmail.com>	2021-11-04 14:35:08 -0400
commit	d681e0e2d9548c56bf67131b9fe4a75d8e1b9060 (patch)
tree	7c5d2dc58bfc53f1daaf2791c3a01e5ec8eeff3f /etc/inc/disable-common.inc
parent	README: bump debian stable codename (diff)
download	firejail-d681e0e2d9548c56bf67131b9fe4a75d8e1b9060.tar.gz firejail-d681e0e2d9548c56bf67131b9fe4a75d8e1b9060.tar.zst firejail-d681e0e2d9548c56bf67131b9fe4a75d8e1b9060.zip