diff options
author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2022-10-01 11:23:56 -0300 |
---|---|---|
committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-07-14 08:08:47 -0300 |
commit | 580283d74b4e6cd425960d336cb0a5296ae36a68 (patch) | |
tree | 828ec892bad07c4ae166637bccdc371e9715d594 /src | |
parent | Merge pull request #5881 from glitsj16/rssguard (diff) | |
download | firejail-580283d74b4e6cd425960d336cb0a5296ae36a68.tar.gz firejail-580283d74b4e6cd425960d336cb0a5296ae36a68.tar.zst firejail-580283d74b4e6cd425960d336cb0a5296ae36a68.zip |
disable-common.inc: blacklist sudo/doas paths in /etc
Commands used to find the relevant paths in /etc:
$ pacman -Qo /etc/* 2>/dev/null | grep sudo | LC_ALL=C sort
/etc/pam.d/ is owned by sudo 1.9.14.p1-1
/etc/sudo.conf is owned by sudo 1.9.14.p1-1
/etc/sudo_logsrvd.conf is owned by sudo 1.9.14.p1-1
/etc/sudoers is owned by sudo 1.9.14.p1-1
/etc/sudoers.d/ is owned by sudo 1.9.14.p1-1
Environment: Artix Linux.
Also, add missing paths sudo/doas to etc/ids.config and jailcheck.
See also commit dbebd71db ("disable-common.inc: blacklist doas binary",
2022-10-05).
Relates to #5385.
Reported-by: Dieter Plaetinck <dieter@plaetinck.be>
Diffstat (limited to 'src')
-rw-r--r-- | src/jailcheck/main.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/jailcheck/main.c b/src/jailcheck/main.c index 27da309ea..93d334c7a 100644 --- a/src/jailcheck/main.c +++ b/src/jailcheck/main.c | |||
@@ -120,6 +120,7 @@ int main(int argc, char **argv) { | |||
120 | // basic sysfiles | 120 | // basic sysfiles |
121 | sysfiles_setup("/etc/shadow"); | 121 | sysfiles_setup("/etc/shadow"); |
122 | sysfiles_setup("/etc/gshadow"); | 122 | sysfiles_setup("/etc/gshadow"); |
123 | sysfiles_setup("/usr/bin/doas"); | ||
123 | sysfiles_setup("/usr/bin/mount"); | 124 | sysfiles_setup("/usr/bin/mount"); |
124 | sysfiles_setup("/usr/bin/su"); | 125 | sysfiles_setup("/usr/bin/su"); |
125 | sysfiles_setup("/usr/bin/ksu"); | 126 | sysfiles_setup("/usr/bin/ksu"); |