disable-shell.inc: add global shell paths from ids.config

Since /etc/profile is present, add the other shell-related paths in /etc that are listed on ids.config. Suggestion by @rusty-snake[1]. Relates to #5167 #5170. [1] https://github.com/netblue30/firejail/pull/5167#pullrequestreview-989621852
author: Kelvin M. Klann <kmk3.code@protonmail.com> 2022-06-02 00:14:04 -0300
committer: Kelvin M. Klann <kmk3.code@protonmail.com> 2022-06-02 00:28:10 -0300
commit: 03af910fdcb5fbdc3b2bb00df716debf6593876d (patch)
tree: d618824fee09e6c3bd8d4815c6f48950c0ea92c4 /etc/inc/disable-shell.inc
parent: ids.config: sort global shell paths (diff)
download: firejail-03af910fdcb5fbdc3b2bb00df716debf6593876d.tar.gz
firejail-03af910fdcb5fbdc3b2bb00df716debf6593876d.tar.zst
firejail-03af910fdcb5fbdc3b2bb00df716debf6593876d.zip
1 files changed, 30 insertions, 0 deletions
diff --git a/etc/inc/disable-shell.inc b/etc/inc/disable-shell.inc
index 3f19cdcf9..b1bfcd161 100644
--- a/etc/inc/disable-shell.inc
+++ b/etc/inc/disable-shell.inc
@@ -13,5 +13,35 @@ blacklist ${PATH}/sh
 blacklist ${PATH}/tclsh
 blacklist ${PATH}/tcsh
 blacklist ${PATH}/zsh
+# Note: This list should be kept in sync with the one in ../ids.config.
+### shells global ###
+# all
+blacklist /etc/dircolors
+blacklist /etc/environment
 blacklist /etc/profile
 blacklist /etc/profile.d
+blacklist /etc/shells
+blacklist /etc/skel
+# bash
+blacklist /etc/bash
+blacklist /etc/bash.bashrc
+blacklist /etc/bash_completion*
+blacklist /etc/bashrc
+# fish
+blacklist /etc/fish
+# ksh
+blacklist /etc/ksh.kshrc
+blacklist /etc/suid_profile
+# tcsh
+blacklist /etc/complete.tcsh
+blacklist /etc/csh.cshrc
+blacklist /etc/csh.login
+blacklist /etc/csh.logout
+# zsh
+blacklist /etc/zlogin
+blacklist /etc/zlogout
+blacklist /etc/zprofile
+blacklist /etc/zsh
+blacklist /etc/zshenv
+blacklist /etc/zshrc
author	Kelvin M. Klann <kmk3.code@protonmail.com>	2022-06-02 00:14:04 -0300
committer	Kelvin M. Klann <kmk3.code@protonmail.com>	2022-06-02 00:28:10 -0300
commit	03af910fdcb5fbdc3b2bb00df716debf6593876d (patch)
tree	d618824fee09e6c3bd8d4815c6f48950c0ea92c4 /etc/inc/disable-shell.inc
parent	ids.config: sort global shell paths (diff)
download	firejail-03af910fdcb5fbdc3b2bb00df716debf6593876d.tar.gz firejail-03af910fdcb5fbdc3b2bb00df716debf6593876d.tar.zst firejail-03af910fdcb5fbdc3b2bb00df716debf6593876d.zip

diff --git a/etc/inc/disable-shell.inc b/etc/inc/disable-shell.inc index 3f19cdcf9..b1bfcd161 100644 --- a/etc/inc/disable-shell.inc +++ b/etc/inc/disable-shell.inc
@@ -13,5 +13,35 @@ blacklist ${PATH}/sh
13	blacklist ${PATH}/tclsh	13	blacklist ${PATH}/tclsh
14	blacklist ${PATH}/tcsh	14	blacklist ${PATH}/tcsh
15	blacklist ${PATH}/zsh	15	blacklist ${PATH}/zsh
		16
		17	# Note: This list should be kept in sync with the one in ../ids.config.
		18	### shells global ###
		19	# all
		20	blacklist /etc/dircolors
		21	blacklist /etc/environment
16	blacklist /etc/profile	22	blacklist /etc/profile
17	blacklist /etc/profile.d	23	blacklist /etc/profile.d
		24	blacklist /etc/shells
		25	blacklist /etc/skel
		26	# bash
		27	blacklist /etc/bash
		28	blacklist /etc/bash.bashrc
		29	blacklist /etc/bash_completion*
		30	blacklist /etc/bashrc
		31	# fish
		32	blacklist /etc/fish
		33	# ksh
		34	blacklist /etc/ksh.kshrc
		35	blacklist /etc/suid_profile
		36	# tcsh
		37	blacklist /etc/complete.tcsh
		38	blacklist /etc/csh.cshrc
		39	blacklist /etc/csh.login
		40	blacklist /etc/csh.logout
		41	# zsh
		42	blacklist /etc/zlogin
		43	blacklist /etc/zlogout
		44	blacklist /etc/zprofile
		45	blacklist /etc/zsh
		46	blacklist /etc/zshenv
		47	blacklist /etc/zshrc