Package: gpsd
Version: 3.25-5
Severity: normal
Tags: security
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>

I tested the following systemd security settings and found them to allow normal operation on my system while providing less exposure to the system in the case of security issues.

[Service]
SystemCallFilter=~@cpu-emulation @debug @module @mount @obsolete @raw-io @reboot @swap
UMask=077
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_FOWNER CAP_FSETID CAP_SETGID CAP_SETUID CAP_SYS_NICE CAP_SYS_TIME CAP_SYS_TTY_CONFIG
ProtectSystem=full
ProtectKernelModules=false
RestrictSUIDSGID=false
NoNewPrivileges=true
RestrictNamespaces=true
ProtectKernelTunables=true
MemoryDenyWriteExecute=true
ProtectHome=true
ProtectHostname=true
ProtectKernelLogs=true
PrivateTmp=true
ProtectControlGroups=true
PrivateDevices=false
ProtectClock=false
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_PACKET AF_NETLINK
LockPersonality=true
SystemCallArchitectures=native

-- System Information:
Debian Release: trixie/sid
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.9-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect

Versions of packages gpsd depends on:
ii  adduser        3.137
ii  libbluetooth3  5.79-1
ii  libc6          2.40-6
ii  libdbus-1-3    1.16.0-1
ii  libgps30t64    3.25-5
ii  libusb-1.0-0   2:1.0.27-1+b1
ii  netbase        6.4
ii  python3        3.13.1-2
ii  systemd-sysv   257.2-3

Versions of packages gpsd recommends:
ii  gpsd-tools  3.25-5
ii  udev        257.2-3

Versions of packages gpsd suggests:
ii  apparmor      3.1.7-1+b3
ii  dbus          1.16.0-1
ii  gpsd-clients  3.25-5

-- Configuration Files:
/etc/default/gpsd changed:
DEVICES="/dev/gps0"
GPSD_OPTIONS=""
USBAUTO="true"

/etc/init.d/gpsd [Errno 13] Permission denied: '/etc/init.d/gpsd'

-- debconf-show failed
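Added example, not part of the original report or of the gpsd package: a short Python script that parses the [Service] settings quoted in the report and lists which options the proposal leaves switched off, how the system-call filter is applied, and which capabilities stay in the bounding set. The names DROPIN, parse_service and summarize are assumptions made for this example.

```python
# Added example; DROPIN reproduces the [Service] settings quoted in the report.
DROPIN = """\
[Service]
SystemCallFilter=~@cpu-emulation @debug @module @mount @obsolete @raw-io @reboot @swap
UMask=077
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_FOWNER CAP_FSETID CAP_SETGID CAP_SETUID CAP_SYS_NICE CAP_SYS_TIME CAP_SYS_TTY_CONFIG
ProtectSystem=full
ProtectKernelModules=false
RestrictSUIDSGID=false
NoNewPrivileges=true
RestrictNamespaces=true
ProtectKernelTunables=true
MemoryDenyWriteExecute=true
ProtectHome=true
ProtectHostname=true
ProtectKernelLogs=true
PrivateTmp=true
ProtectControlGroups=true
PrivateDevices=false
ProtectClock=false
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_PACKET AF_NETLINK
LockPersonality=true
SystemCallArchitectures=native
"""
FALSY = {"0", "no", "false", "off"}  # boolean "off" spellings systemd accepts

def parse_service(text):
    """Return {directive: value} from the [Service] section of a unit fragment."""
    section, settings = None, {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def summarize(settings):
    """Split the settings into what is switched off and what stays permitted."""
    syscalls = settings.get("SystemCallFilter", "")
    return {
        "off": sorted(k for k, v in settings.items() if v.lower() in FALSY),
        "syscall_mode": "deny-list" if syscalls.startswith("~") else "allow-list",
        "syscall_groups": syscalls.lstrip("~").split(),
        "capabilities": settings.get("CapabilityBoundingSet", "").split(),
    }

if __name__ == "__main__":
    print(summarize(parse_service(DROPIN)))
```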