Kernel Hardening - security-misc

pkexec is used internally by a bunch of applications like cannot use pkexec - #3 by AnonymousUser

Yes, SUID in sudo should stay.

Yes, the commands are executed in order so as long as the sudo line is below the lines that remove SUID, we’ll be fine.

We can create a /etc/permission-hardening.d/ directory for configuration snippets. Maybe create a systemd service to create /etc/permission-hardening.d/no-sudo.conf or similar.

1 Like