[Tails-dev] Sandbox uptime command so it displays nothing

Poista viesti

Vastaa
Lähettäjä: AW
Päiväys:  
Vastaanottaja: tails-dev
Aihe: [Tails-dev] Sandbox uptime command so it displays nothing
uptime command could be used by attacker to see how long they were on
tails for if they gained root. I don't see the need for this command
since tails is not a server.

/etc/apparmor.d/usr.bin.uptime

# AppArmor profile for the uptime command
#include <tunables/global>

/usr/bin/uptime {
# Deny access to /proc
deny /proc/** r,

# Allow execution of the uptime command
/usr/bin/uptime ix,

# Allow reading from /etc
/etc/** r,

# Allow reading from /usr
/usr/** r,

# Deny everything else
deny /** rwklm,
}


Might need to make this also /usr/local/bin/uptime

#!/bin/sh
# Make uptime say 0 uptime
exec /bin/echo "up 0 minutes"