[Tails-dev] Sandbox uptime command so it displays nothing

Wiadomość jest częścią wątku:
M\pełne drzewo wątku posortowane wg daty
MM 
David A. Wheeler at ->
Delete this message

Reply to this message
Autor: AW
Data:  
Dla: tails-dev
Temat: [Tails-dev] Sandbox uptime command so it displays nothing
uptime command could be used by attacker to see how long they were on
tails for if they gained root. I don't see the need for this command
since tails is not a server.

/etc/apparmor.d/usr.bin.uptime

# AppArmor profile for the uptime command
#include <tunables/global>

/usr/bin/uptime {
# Deny access to /proc
deny /proc/** r,

# Allow execution of the uptime command
/usr/bin/uptime ix,

# Allow reading from /etc
/etc/** r,

# Allow reading from /usr
/usr/** r,

# Deny everything else
deny /** rwklm,
}


Might need to make this also /usr/local/bin/uptime

#!/bin/sh
# Make uptime say 0 uptime
exec /bin/echo "up 0 minutes"
Wiadomość została wysłana do następujących list mailowych:
tails-dev
Informacja o liście mailowej | Najbliższe wiadomości		<-Re: [Tails-dev] send-later Thunderbird add-onRe: [Tails-dev] Sandbox uptime command so it displays nothing->
lists.autistici.org administrowana przez postmasterLurker (wersja 2.3)