diff options
| author |  Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-10-11 07:20:04 -0300 |
|---|---|---|
| committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-10-11 07:26:43 -0300 |
| commit | c4f5a07d20d989c1155fcd0fb863bbaa5d6ab36a (patch) | |
| tree | 91bb5a7125e7e66ac00a7fd1ca76c69e8ea31bfe /etc/inc | |
| parent | disable-common.inc: sort suid section (diff) | |
| download | firejail-c4f5a07d20d989c1155fcd0fb863bbaa5d6ab36a.tar.gz firejail-c4f5a07d20d989c1155fcd0fb863bbaa5d6ab36a.tar.zst firejail-c4f5a07d20d989c1155fcd0fb863bbaa5d6ab36a.zip | |
disable-common.inc: add more suid programs
Programs:
$ pacman -Qo fusermount3 groupmems mount.cifs wall write
/usr/bin/fusermount3 is owned by fuse3 3.16.1-1
/usr/bin/groupmems is owned by shadow 4.14.0-4
/usr/bin/mount.cifs is owned by cifs-utils 7.0-3
/usr/bin/wall is owned by util-linux 2.39.2-1
/usr/bin/write is owned by util-linux 2.39.2-1
Diffstat (limited to 'etc/inc')
| -rw-r--r-- | etc/inc/disable-common.inc | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc index d42ec5964..021c5bd20 100644 --- a/etc/inc/disable-common.inc +++ b/etc/inc/disable-common.inc | |||
| @@ -515,16 +515,17 @@ blacklist ${PATH}/evtest | |||
| 515 | blacklist ${PATH}/expiry | 515 | blacklist ${PATH}/expiry |
| 516 | blacklist ${PATH}/fping | 516 | blacklist ${PATH}/fping |
| 517 | blacklist ${PATH}/fping6 | 517 | blacklist ${PATH}/fping6 |
| 518 | blacklist ${PATH}/fusermount | 518 | blacklist ${PATH}/fusermount* |
| 519 | blacklist ${PATH}/gksu | 519 | blacklist ${PATH}/gksu |
| 520 | blacklist ${PATH}/gksudo | 520 | blacklist ${PATH}/gksudo |
| 521 | blacklist ${PATH}/gpasswd | 521 | blacklist ${PATH}/gpasswd |
| 522 | blacklist ${PATH}/groupmems | ||
| 522 | blacklist ${PATH}/hostname | 523 | blacklist ${PATH}/hostname |
| 523 | #blacklist ${PATH}/ip # breaks --ip=dhcp | 524 | #blacklist ${PATH}/ip # breaks --ip=dhcp |
| 524 | blacklist ${PATH}/kdesudo | 525 | blacklist ${PATH}/kdesudo |
| 525 | blacklist ${PATH}/ksu | 526 | blacklist ${PATH}/ksu |
| 526 | blacklist ${PATH}/mount | 527 | blacklist ${PATH}/mount |
| 527 | blacklist ${PATH}/mount.ecryptfs_private | 528 | blacklist ${PATH}/mount.* |
| 528 | blacklist ${PATH}/mountpoint | 529 | blacklist ${PATH}/mountpoint |
| 529 | blacklist ${PATH}/mtr | 530 | blacklist ${PATH}/mtr |
| 530 | blacklist ${PATH}/mtr-packet | 531 | blacklist ${PATH}/mtr-packet |
| @@ -563,6 +564,8 @@ blacklist ${PATH}/tcpdump | |||
| 563 | blacklist ${PATH}/traceroute | 564 | blacklist ${PATH}/traceroute |
| 564 | blacklist ${PATH}/umount | 565 | blacklist ${PATH}/umount |
| 565 | blacklist ${PATH}/unix_chkpwd | 566 | blacklist ${PATH}/unix_chkpwd |
| 567 | blacklist ${PATH}/wall | ||
| 568 | blacklist ${PATH}/write | ||
| 566 | blacklist ${PATH}/wshowkeys | 569 | blacklist ${PATH}/wshowkeys |
| 567 | blacklist ${PATH}/xev | 570 | blacklist ${PATH}/xev |
| 568 | blacklist ${PATH}/xinput | 571 | blacklist ${PATH}/xinput |