author | netblue30 <netblue30@yahoo.com> | 2015-10-19 14:46:24 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-10-19 14:46:24 -0400 |
commit | 0021c29f7f25a5020091182c690407a753f933e4 (patch) | |
tree | 3f3eb4172c96cc6f92ddfa636053d19c7e55f1ab /todo | |
parent | testing (diff) | |
fixed join/shutdown problem, moving browsers and mail clients to a --shell=none default in profile files
Diffstat (limited to 'todo')
-rw-r--r-- | todo | 13 |
1 files changed, 13 insertions, 0 deletions
@@ -69,5 +69,18 @@ profile_syntax.exp (profile syntax) | |||
69 | fs_chroot.exp (chroot as user) | 69 | fs_chroot.exp (chroot as user) |
70 | private-etc.exp | 70 | private-etc.exp |
71 | 71 | ||
72 | 8. Disable /dev/tcp in bash. Compiled time: --enable-net-redirections, --disable-net-redirections | ||
73 | ksh and zsh seem to have it. | ||
72 | 74 | ||
75 | Tests: | ||
76 | a) | ||
77 | cat </dev/tcp/time.nist.gov/13 | ||
78 | |||
79 | b) | ||
80 | exec 3<>/dev/tcp/www.google.com/80 | ||
81 | echo -e "GET / HTTP/1.1\r\nhost: http://www.google.com\r\nConnection: close\r\n\r\n" >&3 | ||
82 | cat <&3 | ||
83 | |||
84 | c) A list of attacks | ||
85 | http://www.lanmaster53.com/2011/05/7-linux-shells-using-built-in-tools/ | ||
73 | 86 | ||
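Review bot: In test b) the request line `host: http://www.google.com` puts a URL scheme in the Host header; the header takes only the host name (and optional port), so it should read `Host: www.google.com`, otherwise the server may reject the request and the result no longer shows whether /dev/tcp itself worked. Item 8 lists only the bash build-time switches (--enable-net-redirections, --disable-net-redirections) while noting that ksh and zsh seem to have the feature as well, so the entry should say how those shells are meant to be covered, since rebuilding bash does not touch them. Tests a) and b) also depend on time.nist.gov and www.google.com being reachable; pointing them at a listener on localhost would make the outcome depend only on the sandbox. Minor: "Compiled time" should be "Compile time".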