diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-07-13 12:10:50 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-07-13 12:10:50 -0400 |
| commit | f4c4140b4eb405172afe4755464f8af10e58350b (patch) | |
| tree | a6f36c70a964a0591e806aeabe87e46631c321eb /todo | |
| parent | whitelist rework (diff) | |
| download | firejail-f4c4140b4eb405172afe4755464f8af10e58350b.tar.gz firejail-f4c4140b4eb405172afe4755464f8af10e58350b.tar.zst firejail-f4c4140b4eb405172afe4755464f8af10e58350b.zip | |
todo
Diffstat (limited to 'todo')
| -rw-r--r-- | todo | 17 |
1 files changed, 17 insertions, 0 deletions
| @@ -218,3 +218,20 @@ sudo firejail /snap/bin/ubuntu-clock-app.clock | |||
| 218 | 218 | ||
| 219 | extract env for process | 219 | extract env for process |
| 220 | ps e -p <pid> | sed 's/ /\n/g' | 220 | ps e -p <pid> | sed 's/ /\n/g' |
| 221 | |||
| 222 | |||
| 223 | 20. check default disable - from grsecurity | ||
| 224 | |||
| 225 | GRKERNSEC_HIDESYM | ||
| 226 | /proc/kallsyms and other files | ||
| 227 | |||
| 228 | GRKERNSEC_PROC_USER | ||
| 229 | If you say Y here, non-root users will only be able to view their own | ||
| 230 | processes, and restricts them from viewing network-related information, | ||
| 231 | and viewing kernel symbol and module information. | ||
| 232 | |||
| 233 | GRKERNSEC_PROC_ADD | ||
| 234 | If you say Y here, additional restrictions will be placed on | ||
| 235 | /proc that keep normal users from viewing device information and | ||
| 236 | slabinfo information that could be useful for exploits. | ||
| 237 | |||