Author: AW Date: To: tails-dev Subject: [Tails-dev] Sandbox uptime command so it displays nothing
The uptime command could be used by an attacker to see how long they were on
Tails for if they gained root. I don't see the need for this command
since Tails is not a server.
/etc/apparmor.d/usr.bin.uptime
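# AppArmor profile for the uptime command
#include <tunables/global>

/usr/bin/uptime {
  # Deny access to /proc
  deny /proc/** r,

  # Allow execution of the uptime command
  /usr/bin/uptime ix,

  # Allow reading from /etc
  /etc/** r,

  # Allow reading from /usr
  /usr/** r,

  # Everything else is denied by default in an enforced profile.
  # A catch-all "deny /** rwklm," is left out because explicit deny rules
  # override allow rules and would cancel the /etc and /usr rules above.
}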
Might need to make this also /usr/local/bin/uptime
#!/bin/sh
# Make uptime say 0 uptime
exec /bin/echo "up 0 minutes"
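
Added example, not part of the original post: AppArmor applies explicit deny rules ahead of allow rules and refuses anything a profile does not allow, so the scope of each deny rule decides what a confined uptime can still read. The Python below models that evaluation for simple file rules; the sample rules are constructed, and the function names and the reduced glob handling are assumptions of this example.

```python
import re

# Constructed sample: file rules of a profile that ends with a catch-all deny.
SAMPLE = """\
deny /proc/** r,
/usr/bin/uptime ix,
/etc/** r,
/usr/** r,
deny /** rwklm,
"""

RULE = re.compile(r"^(deny\s+)?(/\S*)\s+([A-Za-z]+),$")

def glob_to_regex(glob):
    """Handle the globs used here: '**' crosses '/', '*' and '?' do not."""
    parts = re.split(r"(\*\*|\*|\?)", glob)
    table = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
    return re.compile("".join(table.get(p, re.escape(p)) for p in parts))

def parse(text):
    """Return a list of (is_deny, path_regex, permission_set) per file rule."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m:
            # Collapse exec modes such as ix/px/Ux into a plain 'x' permission.
            perms = set(re.sub(r"[pPcCuUi]+x", "x", m.group(3)))
            rules.append((bool(m.group(1)), glob_to_regex(m.group(2)), perms))
    return rules

def decide(rules, path, perm):
    """Simplified model: explicit deny wins, then allow, else default deny."""
    hits = [deny for deny, rx, perms in rules if perm in perms and rx.fullmatch(path)]
    if True in hits:
        return "explicit-deny"
    return "allow" if hits else "default-deny"

def without_catch_all(text):
    """Drop the 'deny /** ...' line, relying on AppArmor's default deny."""
    return "\n".join(l for l in text.splitlines() if not l.startswith("deny /** "))

if __name__ == "__main__":
    for label, text in (("with catch-all", SAMPLE), ("without", without_catch_all(SAMPLE))):
        for path in ("/etc/ld.so.cache", "/proc/uptime", "/home/x"):
            print(label, path, decide(parse(text), path, "r"))
```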