mirror of
https://github.com/PrivSec-dev/privsec.dev
synced 2025-02-20 18:31:35 -05:00
Merge branch 'main' into chromeos-jackwagonism
This commit is contained in:
wj25czxj47bu6q
GitHub
commit
c96ea9f568
@ -1,6 +1,8 @@
|
||||
#!/bin/bash
|
||||
|
||||
curl -L -s https://api.github.com/repos/gohugoio/hugo/releases/latest | grep "browser_download_url.*extended.*linux-amd64.tar.gz" | cut -d : -f 2,3 | sed 's/"//g' | xargs wget
|
||||
#curl -L -s https://api.github.com/repos/gohugoio/hugo/releases/latest | grep "browser_download_url.*extended.*linux-amd64.tar.gz" | cut -d : -f 2,3 | sed 's/"//g' | xargs wget
|
||||
|
||||
wget https://github.com/gohugoio/hugo/releases/download/v0.119.0/hugo_0.119.0_Linux-64bit.tar.gz
|
||||
|
||||
tar xvf ./*.tar.gz
|
||||
chmod u+x ./hugo
|
||||
|
||||
@ -210,6 +210,7 @@ TEST: Test url again after removing the parameters and verify there is no mistak
|
||||
### Germany
|
||||
|
||||
- [1822direkt Banking](https://play.google.com/store/apps/details?id=de.direkt1822.banking) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/167)
|
||||
- [1822direkt QRTAN+](https://play.google.com/store/apps/details?id=de.direkt1822.qrtanplus) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/438)
|
||||
- [1822TAN+](https://play.google.com/store/apps/details?id=de.direkt1822.tanplus) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/368)
|
||||
- [apoTAN](https://play.google.com/store/apps/details?id=com.apobank_apotanplus) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/428)
|
||||
- [C24 Bank](https://play.google.com/store/apps/details?id=de.c24.bankapp) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/380)
|
||||
@ -236,6 +237,7 @@ TEST: Test url again after removing the parameters and verify there is no mistak
|
||||
- [Penta — Business Banking App](https://play.google.com/store/apps/details?id=com.getpenta.app) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/24)
|
||||
- [PSD Banking](https://play.google.com/store/apps/details?id=de.psd.banking.app) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/159)
|
||||
- [Santander Banking](https://play.google.com/store/apps/details?id=de.santander.presentation) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/119)
|
||||
- [SecureGo+ Renault Bank direkt](https://play.google.com/store/apps/details?id=de.renaultbankdirekt.securego) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/439)
|
||||
- [SecureGo plus](https://play.google.com/store/apps/details?id=de.fiduciagad.securego.wl) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/161)
|
||||
- [SMARTBROKER+ Aktien & ETF](https://play.google.com/store/apps/details?id=de.smartbroker) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/394)
|
||||
- [Sparkasse Ihre mobile Filiale](https://play.google.com/store/apps/details?id=com.starfinanz.smob.android.sfinanzstatus) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/44)
|
||||
@ -294,12 +296,12 @@ TEST: Test url again after removing the parameters and verify there is no mistak
|
||||
|
||||
### Israel
|
||||
|
||||
- [Bit ביט](https://play.google.com/store/apps/details?id=com.bnhp.payments.paymentsapp&hl=en&gl=US) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/221)
|
||||
- [כאל- הטבות, מידע, אשראי](https://play.google.com/store/apps/details?id=com.onoapps.cal4u&hl=he&gl=US) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/217)
|
||||
- [ישראכרט - ארנקים, אשראי והטבות](https://play.google.com/store/apps/details?id=com.isracard.hatavot&hl=he&gl=US) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/219)
|
||||
- [Max](https://play.google.com/store/apps/details?id=com.ideomobile.leumicard) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/218)
|
||||
- [פייבוקס ארנק דיגיטלי - PayBox](https://play.google.com/store/apps/details?id=com.payboxapp&hl=he&gl=US) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/220)
|
||||
- [בנק דיסקונט](https://play.google.com/store/apps/details?id=com.ideomobile.discount&hl=he&gl=US) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/223)
|
||||
- [Bit ביט](https://play.google.com/store/apps/details?id=com.bnhp.payments.paymentsapp) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/221)
|
||||
- [כאל- הטבות, מידע, אשראי](https://play.google.com/store/apps/details?id=com.onoapps.cal4u) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/217)
|
||||
- [ישראכרט - ארנקים, אשראי והטבות](https://play.google.com/store/apps/details?id=com.isracard.hatavot) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/219)
|
||||
- [max](https://play.google.com/store/apps/details?id=com.ideomobile.leumicard) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/218)
|
||||
- [פייבוקס ארנק דיגיטלי - PayBox](https://play.google.com/store/apps/details?id=com.payboxapp) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/220)
|
||||
- [בנק דיסקונט](https://play.google.com/store/apps/details?id=com.ideomobile.discount) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/223)
|
||||
|
||||
### Italy
|
||||
|
||||
@ -451,6 +453,11 @@ TEST: Test url again after removing the parameters and verify there is no mistak
|
||||
- [하나은행 - Hanabank](https://play.google.com/store/apps/details?id=com.kebhana.hanapush) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/259)
|
||||
- [웰컴디지털뱅크](https://play.google.com/store/apps/details?id=kr.co.welcomebank.omb) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/260)
|
||||
- [우리WON뱅킹](https://play.google.com/store/apps/details?id=com.wooribank.smart.npib) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/261)
|
||||
- ~~[토스](https://play.google.com/store/apps/details?id=viva.republica.toss)~~ - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/432)
|
||||
- [KB국민은행 스타뱅킹](https://play.google.com/store/apps/details?id=com.kbstar.kbbank) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/433)
|
||||
- [신한 SOL뱅크-신한은행 스마트폰 뱅킹](https://play.google.com/store/apps/details?id=com.shinhan.sbanking) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/434)
|
||||
- [삼성카드](https://play.google.com/store/apps/details?id=kr.co.samsungcard.mpocket) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/435)
|
||||
- [네이버페이](https://play.google.com/store/apps/details?id=com.naverfin.payapp) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/436)
|
||||
- [PAYCO](https://play.google.com/store/apps/details?id=com.nhnent.payapp) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/262)
|
||||
|
||||
### Spain
|
||||
@ -529,6 +536,7 @@ TEST: Test url again after removing the parameters and verify there is no mistak
|
||||
- [Barclays](https://play.google.com/store/apps/details?id=com.barclays.android.barclaysmobilebanking) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/341)
|
||||
- [Capital On Tap](https://play.google.com/store/apps/details?id=com.cot.app) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/424)
|
||||
- [Chase UK](https://play.google.com/store/apps/details?id=com.chase.intl) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/69)
|
||||
- [Chip - Savings and Investments](https://play.google.com/store/apps/details?id=to.chip.app) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/440)
|
||||
- [Coventry Building Society](https://play.google.com/store/apps/details?id=com.cbs.prod) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/423)
|
||||
- [The Co-operative Bank](https://play.google.com/store/apps/details?id=com.cooperativebank.bank) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/205)
|
||||
- [first direct](https://play.google.com/store/apps/details?id=com.firstdirect.bankingonthego) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/128)
|
||||
|
||||
@ -102,8 +102,8 @@ Some sandboxing solutions for desktop Linux distributions do exist; however, the
|
||||
You can restrict applications further by setting [Flatpak overrides](https://docs.flatpak.org/en/latest/flatpak-command-reference.html#flatpak-override). This can be done with the command line or by using [Flatseal](https://github.com/tchx84/Flatseal). To deny common dangerous Flatpak permissions globally, run the following commands:
|
||||
|
||||
```bash
|
||||
sudo flatpak override --system --nosocket=x11 --nosocket=fallback-x11 --nosocket=pulseaudio --unshare=network --unshare=ipc --nofilesystem=host:reset --nodevice=input --nodevice=shm --nodevice=all --no-talk-name=org.freedesktop.Flatpak --no-talk-name=org.freedesktop.systemd1 --no-talk-name=ca.desrt.dconf --no-talk-name=org.gnome.Shell.Extensions
|
||||
flatpak override --user --nosocket=x11 --nosocket=fallback-x11 --nosocket=pulseaudio --unshare=network --unshare=ipc --nofilesystem=host:reset --nodevice=input --nodevice=shm --nodevice=all --no-talk-name=org.freedesktop.Flatpak --no-talk-name=org.freedesktop.systemd1 --no-talk-name=ca.desrt.dconf --no-talk-name=org.gnome.Shell.Extensions
|
||||
sudo flatpak override --system --nosocket=x11 --nosocket=fallback-x11 --nosocket=pulseaudio --nosocket=session-bus --nosocket=system-bus --unshare=network --unshare=ipc --nofilesystem=host:reset --nodevice=input --nodevice=shm --nodevice=all --no-talk-name=org.freedesktop.Flatpak --no-talk-name=org.freedesktop.systemd1 --no-talk-name=ca.desrt.dconf --no-talk-name=org.gnome.Shell.Extensions
|
||||
flatpak override --user --nosocket=x11 --nosocket=fallback-x11 --nosocket=pulseaudio --nosocket=session-bus --nosocket=system-bus --unshare=network --unshare=ipc --nofilesystem=host:reset --nodevice=input --nodevice=shm --nodevice=all --no-talk-name=org.freedesktop.Flatpak --no-talk-name=org.freedesktop.systemd1 --no-talk-name=ca.desrt.dconf --no-talk-name=org.gnome.Shell.Extensions
|
||||
```
|
||||
|
||||
To allow Flatseal to function after applying the overrides above, run the following command:
|
||||
@ -118,6 +118,8 @@ Some sensitive permissions of note:
|
||||
|
||||
- `--share=network`: network and internet access
|
||||
- `--socket=pulseaudio`: the PulseAudio socket, grants access to all audio devices (including inputs)
|
||||
- `--socket=session-bus`: access to the entire session bus, which can be used to break out of the sandbox by abusing dangerous D‑Buses.
|
||||
- `--socket=system-bus`: access to the entire system bus, which can be used to break out of the sandbox by abusing dangerous D‑Buses.
|
||||
- `--device=all`: access to all devices (including webcams)
|
||||
- `--talk-name=org.freedesktop.secrets`: D‑Bus access to secrets stored on your keychain
|
||||
- `--talk-name=org.freedesktop.Flatpak`: D‑Bus access to run `flatpak run`. This D‑Bus is a sandbox escape.
|
||||
|
||||
@ -136,7 +136,7 @@ After ensuring root isn't used in your containers, you should look into setting
|
||||
|
||||
```
|
||||
security_opt:
|
||||
- no-new-privileges: true
|
||||
- "no-new-privileges:true"
|
||||
```
|
||||
|
||||
Gaining privileges in the container will be much harder that way.
|
||||
|
||||
Loading…
Reference in New Issue
Block a user