From 5864e49d4f3e0d48ed8381aaaaba5906a837558d Mon Sep 17 00:00:00 2001
From: pyllyukko <pyllyukko@maimed.org>
Date: Sun, 7 Apr 2024 23:05:10 +0300
Subject: [PATCH] Remove SGID bits from /usr/bin/w{all,rite} (Slackware)

---
 tasks/filesystem.yml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/tasks/filesystem.yml b/tasks/filesystem.yml
index 28f36f0..378f2df 100644
--- a/tasks/filesystem.yml
+++ b/tasks/filesystem.yml
@@ -147,6 +147,15 @@
         mode: u-s
         owner: root
         group: root
+    - name: Remove SGID bits from /usr/bin/w{all,rite}
+      ansible.builtin.file:
+        path: '{{ item }}'
+        mode: g-s
+        owner: root
+        group: root
+      with_items:
+        - /usr/bin/wall
+        - /usr/bin/write
 
 - name: Chmod sensitive files
   become: true