Got the initial restricted file list setup; some things are missing because they may expose a security hole, and they need a further, more detailed wrapper (like mount, find, etc etc), because they expose both harmless read-only, and extremely damaging write functions.
This commit is contained in:
146
client/etc/restricted.d/base.usr.bin.d
Normal file
146
client/etc/restricted.d/base.usr.bin.d
Normal file
@@ -0,0 +1,146 @@
|
||||
/usr/bin/attr
|
||||
/usr/bin/base64
|
||||
/usr/bin/bashbug-32
|
||||
/usr/bin/bc
|
||||
/usr/bin/bunzip2
|
||||
/usr/bin/bzcat
|
||||
/usr/bin/bzcmp
|
||||
/usr/bin/bzdiff
|
||||
/usr/bin/bzgrep
|
||||
/usr/bin/bzip2
|
||||
/usr/bin/bzip2recover
|
||||
/usr/bin/bzless
|
||||
/usr/bin/bzmore
|
||||
/usr/bin/chacl
|
||||
/usr/bin/chage
|
||||
/usr/bin/chattr
|
||||
/usr/bin/chcon
|
||||
/usr/bin/chfn
|
||||
/usr/bin/chvt
|
||||
/usr/bin/clear
|
||||
/usr/bin/cmp
|
||||
/usr/bin/crontab
|
||||
/usr/bin/cut
|
||||
/usr/bin/diff
|
||||
/usr/bin/diff3
|
||||
/usr/bin/dig
|
||||
/usr/bin/dir
|
||||
/usr/bin/dircolors
|
||||
/usr/bin/dirname
|
||||
/usr/bin/du
|
||||
/usr/bin/expand
|
||||
/usr/bin/expr
|
||||
/usr/bin/file
|
||||
/usr/bin/find-repos-of-install
|
||||
/usr/bin/fmt
|
||||
/usr/bin/fold
|
||||
/usr/bin/free
|
||||
/usr/bin/funzip
|
||||
/usr/bin/getent
|
||||
/usr/bin/getfacl
|
||||
/usr/bin/getfattr
|
||||
/usr/bin/gethostip
|
||||
/usr/bin/getkeycodes
|
||||
/usr/bin/getopt
|
||||
/usr/bin/gpasswd
|
||||
/usr/bin/gpg
|
||||
/usr/bin/gpg2
|
||||
/usr/bin/gpgconf
|
||||
/usr/bin/gpg-error
|
||||
/usr/bin/gpgkey2ssh
|
||||
/usr/bin/groups
|
||||
/usr/bin/gunzip
|
||||
/usr/bin/gzip
|
||||
/usr/bin/head
|
||||
/usr/bin/hexdump
|
||||
/usr/bin/host
|
||||
/usr/bin/hostid
|
||||
/usr/bin/iconv
|
||||
/usr/bin/id
|
||||
/usr/bin/install
|
||||
/usr/bin/install-catalog
|
||||
/usr/bin/iostat
|
||||
/usr/bin/join
|
||||
/usr/bin/last
|
||||
/usr/bin/lastlog
|
||||
/usr/bin/locale
|
||||
/usr/bin/localedef
|
||||
/usr/bin/locate
|
||||
/usr/bin/logger
|
||||
/usr/bin/lsattr
|
||||
/usr/bin/lscpu
|
||||
/usr/bin/lsusb
|
||||
/usr/bin/md5sum
|
||||
/usr/bin/mkfifo
|
||||
/usr/bin/mkisofs
|
||||
/usr/bin/needs-restarting
|
||||
/usr/bin/nslookup
|
||||
/usr/bin/ntpstat
|
||||
/usr/bin/openssl
|
||||
/usr/bin/passwd
|
||||
/usr/bin/paste
|
||||
/usr/bin/pidstat
|
||||
/usr/bin/pr
|
||||
/usr/bin/printenv
|
||||
/usr/bin/printf
|
||||
/usr/bin/pstree
|
||||
/usr/bin/quota
|
||||
/usr/bin/rdate
|
||||
/usr/bin/readelf
|
||||
/usr/bin/readlink
|
||||
/usr/bin/rename
|
||||
/usr/bin/rpm2cpio
|
||||
/usr/bin/rpmdb
|
||||
/usr/bin/rpmdumpheader
|
||||
/usr/bin/rpmquery
|
||||
/usr/bin/rpmsign
|
||||
/usr/bin/rpmverify
|
||||
/usr/bin/rsync
|
||||
/usr/bin/scp
|
||||
/usr/bin/script
|
||||
/usr/bin/scriptreplay
|
||||
/usr/bin/seq
|
||||
/usr/bin/sha1sum
|
||||
/usr/bin/sha224sum
|
||||
/usr/bin/sha256sum
|
||||
/usr/bin/sha384sum
|
||||
/usr/bin/sha512sum
|
||||
/usr/bin/showkey
|
||||
/usr/bin/shred
|
||||
/usr/bin/shuf
|
||||
/usr/bin/size
|
||||
/usr/bin/split
|
||||
/usr/bin/sqlite3
|
||||
/usr/bin/ssh-keygen
|
||||
/usr/bin/stat
|
||||
/usr/bin/sum
|
||||
/usr/bin/tac
|
||||
/usr/bin/tail
|
||||
/usr/bin/tailf
|
||||
/usr/bin/tee
|
||||
/usr/bin/test
|
||||
/usr/bin/tr
|
||||
/usr/bin/tree
|
||||
/usr/bin/truncate
|
||||
/usr/bin/tsort
|
||||
/usr/bin/tty
|
||||
/usr/bin/ul
|
||||
/usr/bin/unexpand
|
||||
/usr/bin/uniq
|
||||
/usr/bin/unlzma
|
||||
/usr/bin/unzip
|
||||
/usr/bin/unzipsfx
|
||||
/usr/bin/updatedb
|
||||
/usr/bin/uptime
|
||||
/usr/bin/users
|
||||
/usr/bin/uuidgen
|
||||
/usr/bin/vmstat
|
||||
/usr/bin/w
|
||||
/usr/bin/wc
|
||||
/usr/bin/whatis
|
||||
/usr/bin/whereis
|
||||
/usr/bin/which
|
||||
/usr/bin/who
|
||||
/usr/bin/whoami
|
||||
/usr/bin/wnck-urgency-monitor
|
||||
/usr/bin/zip
|
||||
Reference in New Issue
Block a user