authorLibravatar Kelvin M. Klann <kmk3.code@protonmail.com>2023-10-15 12:00:03 +0000
committerLibravatar GitHub <noreply@github.com>2023-10-15 12:00:03 +0000
commit61d8d14ab7cc9f67fd7d148fa96e8ac64a0aeafe (patch)
tree91bb5a7125e7e66ac00a7fd1ca76c69e8ea31bfe /etc/inc
parentpavucontrol-qt: fix broken whitelisting in ${HOME} (#6045) (diff)
parentdisable-common.inc: add more suid programs (diff)
downloadfirejail-61d8d14ab7cc9f67fd7d148fa96e8ac64a0aeafe.tar.gz
firejail-61d8d14ab7cc9f67fd7d148fa96e8ac64a0aeafe.tar.zst
firejail-61d8d14ab7cc9f67fd7d148fa96e8ac64a0aeafe.zip
Merge pull request #6049 from kmk3/dc-add-more-suid
disable-common.inc: add more suid programs
Diffstat (limited to 'etc/inc')
-rw-r--r--etc/inc/disable-common.inc75
1 files changed, 39 insertions, 36 deletions
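diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc
index 8dae97fe9..021c5bd20 100644
--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -504,6 +504,7 @@ blacklist /usr/sbin
 
 # system management and various SUID executables
 blacklist ${PATH}/at
+blacklist ${PATH}/bmon
 blacklist ${PATH}/busybox
 blacklist ${PATH}/chage
 blacklist ${PATH}/chfn
@@ -512,71 +513,73 @@ blacklist ${PATH}/crontab
 blacklist ${PATH}/doas
 blacklist ${PATH}/evtest
 blacklist ${PATH}/expiry
-blacklist ${PATH}/fusermount
+blacklist ${PATH}/fping
+blacklist ${PATH}/fping6
+blacklist ${PATH}/fusermount*
 blacklist ${PATH}/gksu
 blacklist ${PATH}/gksudo
 blacklist ${PATH}/gpasswd
+blacklist ${PATH}/groupmems
+blacklist ${PATH}/hostname
+#blacklist ${PATH}/ip # breaks --ip=dhcp
 blacklist ${PATH}/kdesudo
 blacklist ${PATH}/ksu
 blacklist ${PATH}/mount
-blacklist ${PATH}/mount.ecryptfs_private
+blacklist ${PATH}/mount.*
 blacklist ${PATH}/mountpoint
+blacklist ${PATH}/mtr
+blacklist ${PATH}/mtr-packet
 blacklist ${PATH}/nc
-blacklist ${PATH}/nc.traditional
 blacklist ${PATH}/nc.openbsd
+blacklist ${PATH}/nc.traditional
 blacklist ${PATH}/ncat
-blacklist ${PATH}/nmap
+blacklist ${PATH}/netstat
+blacklist ${PATH}/networkctl
 blacklist ${PATH}/newgidmap
 blacklist ${PATH}/newgrp
 blacklist ${PATH}/newuidmap
+blacklist ${PATH}/nm-online
+blacklist ${PATH}/nmap
+blacklist ${PATH}/nmcli
+blacklist ${PATH}/nmtui
+blacklist ${PATH}/nmtui-connect
+blacklist ${PATH}/nmtui-edit
+blacklist ${PATH}/nmtui-hostname
 blacklist ${PATH}/ntfs-3g
+blacklist ${PATH}/passwd
+blacklist ${PATH}/physlock
 blacklist ${PATH}/pkexec
+blacklist ${PATH}/pmount
 blacklist ${PATH}/procmail
+blacklist ${PATH}/pumount
+blacklist ${PATH}/schroot
 blacklist ${PATH}/sg
+blacklist ${PATH}/slock
+blacklist ${PATH}/ss
 blacklist ${PATH}/strace
 blacklist ${PATH}/su
 blacklist ${PATH}/sudo
+blacklist ${PATH}/suexec
 blacklist ${PATH}/tcpdump
+blacklist ${PATH}/traceroute
 blacklist ${PATH}/umount
 blacklist ${PATH}/unix_chkpwd
+blacklist ${PATH}/wall
+blacklist ${PATH}/write
+blacklist ${PATH}/wshowkeys
 blacklist ${PATH}/xev
 blacklist ${PATH}/xinput
-blacklist /usr/lib/openssh
-blacklist /usr/lib/ssh
-blacklist /usr/libexec/openssh
-blacklist ${PATH}/passwd
-blacklist /usr/lib/xorg/Xorg.wrap
-blacklist /usr/lib/policykit-1/polkit-agent-helper-1
+blacklist /usr/lib/chromium/chrome-sandbox
 blacklist /usr/lib/dbus-1.0/dbus-daemon-launch-helper
 blacklist /usr/lib/eject/dmcrypt-get-device
-blacklist /usr/lib/chromium/chrome-sandbox
+blacklist /usr/lib/openssh
 blacklist /usr/lib/opera/opera_sandbox
-blacklist /usr/lib/vmware
-blacklist ${PATH}/suexec
+blacklist /usr/lib/policykit-1/polkit-agent-helper-1
 blacklist /usr/lib/squid/basic_pam_auth
-blacklist ${PATH}/slock
-blacklist ${PATH}/physlock
-blacklist ${PATH}/schroot
-blacklist ${PATH}/wshowkeys
-blacklist ${PATH}/pmount
-blacklist ${PATH}/pumount
-blacklist ${PATH}/bmon
-blacklist ${PATH}/fping
-blacklist ${PATH}/fping6
-blacklist ${PATH}/hostname
-#blacklist ${PATH}/ip # breaks --ip=dhcp
-blacklist ${PATH}/mtr
-blacklist ${PATH}/mtr-packet
-blacklist ${PATH}/netstat
-blacklist ${PATH}/nm-online
-blacklist ${PATH}/nmcli
-blacklist ${PATH}/nmtui
-blacklist ${PATH}/nmtui-connect
-blacklist ${PATH}/nmtui-edit
-blacklist ${PATH}/nmtui-hostname
-blacklist ${PATH}/networkctl
-blacklist ${PATH}/ss
-blacklist ${PATH}/traceroute
+blacklist /usr/lib/ssh
+blacklist /usr/lib/vmware
+blacklist /usr/lib/xorg/Xorg.wrap
+blacklist /usr/libexec/openssh
 # since firejail version 0.9.73
 blacklist ${PATH}/dpkg*
 blacklist ${PATH}/apt*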
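Review bot: The two entries widened into globs in the second hunk, `blacklist ${PATH}/fusermount*` and `blacklist ${PATH}/mount.*`, have no comment saying what they are meant to catch, and `mount.*` now denies every mount helper under ${PATH} where the old line denied only `mount.ecryptfs_private`. A one-line comment above each, for example `# also matches fusermount3` and `# all mount.<fstype> helpers, not only mount.ecryptfs_private`, would keep a later edit from narrowing them back to a single name. Because the same hunk re-sorts the whole list, the entries that are actually new (these two globs plus `groupmems`, `wall` and `write`, as far as the visible lines show) are hard to separate from the moved ones; a sort-only commit followed by the additions would make the policy change auditable. The list itself starts and continues outside the two hunks, so any profile that relied on a mount helper being reachable would need to be checked separately.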