Got the initial restricted file list setup; some things are missing because they may expose a security hole, and they need a further, more detailed wrapper (like mount, find, etc etc), because they expose both harmless read-only, and extremely damaging write functions.
This commit is contained in:
64
client/etc/restricted.d/base.bin.d
Normal file
64
client/etc/restricted.d/base.bin.d
Normal file
@@ -0,0 +1,64 @@
|
||||
/bin/arch
|
||||
/bin/basename
|
||||
/bin/cat
|
||||
/bin/chgrp
|
||||
/bin/chmod
|
||||
/bin/chown
|
||||
/bin/cp
|
||||
/bin/cpio
|
||||
/bin/cut
|
||||
/bin/dash
|
||||
/bin/date
|
||||
/bin/dd
|
||||
/bin/df
|
||||
/bin/dmesg
|
||||
/bin/dnsdomainname
|
||||
/bin/domainname
|
||||
/bin/dumpkeys
|
||||
/bin/echo
|
||||
/bin/ed
|
||||
/bin/egrep
|
||||
/bin/false
|
||||
/bin/fgrep
|
||||
/bin/findmnt
|
||||
/bin/grep
|
||||
/bin/gtar
|
||||
/bin/gunzip
|
||||
/bin/gzip
|
||||
/bin/hostname
|
||||
/bin/ipcalc
|
||||
/bin/keyctl
|
||||
/bin/link
|
||||
/bin/ln
|
||||
/bin/loadkeys
|
||||
/bin/ls
|
||||
/bin/lsblk
|
||||
/bin/mkdir
|
||||
/bin/mknod
|
||||
/bin/mktemp
|
||||
/bin/mv
|
||||
/bin/netstat
|
||||
/bin/nisdomainname
|
||||
/bin/ping
|
||||
/bin/ping6
|
||||
/bin/ps
|
||||
/bin/pwd
|
||||
/bin/readlink
|
||||
/bin/rm
|
||||
/bin/rmdir
|
||||
/bin/sed
|
||||
/bin/sleep
|
||||
/bin/sort
|
||||
/bin/sync
|
||||
/bin/tar
|
||||
/bin/touch
|
||||
/bin/tracepath
|
||||
/bin/tracepath6
|
||||
/bin/traceroute
|
||||
/bin/traceroute6
|
||||
/bin/true
|
||||
/bin/uname
|
||||
/bin/unlink
|
||||
/bin/usleep
|
||||
/bin/ypdomainname
|
||||
/bin/zcat
|
||||
Reference in New Issue
Block a user