Live mode currently does not disable virtual machine shared folders.
Added to comparison table here:
And asked about it here just now:
Agreed. Data in virtual machine shared folder shouldn’t be processed by default. This is already the case. I wouldn’t know what would process it.
noexec for shared folder is a good idea. It is already noted here: (re-)mount home [and other?] with noexec (and nosuid [among other useful mount options]) for better security?
They’re not automatically mounted. A root user or malware with root rights could mount these and write to it. This is illustrated in the comparison table here: grub-live - boot an existing Host OS or VM into Live Mode
This could be partially taken care of (root user) by booting into non-root mode (this forum thread). A root exploit can always undo that though.
Yes, that’s the idea.
Indeed. Good point. Yes, this should be documented.
[A] Also, once work on Whonix Host has progressed, we could add a starter/script which will help the user with such configurations for better usability.
That’s what this very forum thread is for. Help welcome.
Possibly yes. Both VirtualBox and KVM support serial console.
Once we have that working, this might be automated with a script. Related to [A].
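An added example, not part of the original post and not Whonix project code: a check for the noexec/nosuid point above, which lists mounted VM shared folders that lack those options. It assumes that shared folders appear with the filesystem types `vboxsf` (VirtualBox), `9p` or `virtiofs` (KVM); the function names and the sample mount table are made up for illustration.

```shell
#!/bin/sh
# Added example: report VM shared folder mounts lacking noexec and/or nosuid.
# Assumption: shared folders use fs type vboxsf (VirtualBox) or 9p/virtiofs (KVM).

# audit_shared_mounts [FILE]
# Reads /proc/mounts-format lines from FILE (default /proc/mounts, "-" = stdin).
# Prints "<mountpoint> <fstype> missing:<options>" per offending mount.
# Returns 1 if at least one offending mount was found, 0 otherwise.
audit_shared_mounts() {
    awk '
        $3 == "vboxsf" || $3 == "9p" || $3 == "virtiofs" {
            n = split($4, opts, ",")
            has_noexec = 0; has_nosuid = 0
            for (i = 1; i <= n; i++) {
                if (opts[i] == "noexec") has_noexec = 1
                if (opts[i] == "nosuid") has_nosuid = 1
            }
            missing = ""
            if (!has_noexec) missing = "noexec"
            if (!has_nosuid) missing = (missing == "" ? "" : missing ",") "nosuid"
            if (missing != "") { print $2, $3, "missing:" missing; bad = 1 }
        }
        END { exit bad + 0 }
    ' "${1:-/proc/mounts}"
}

# Constructed sample in /proc/mounts format (not captured from a real system).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
shared /mnt/shared vboxsf rw,nodev,relatime 0 0
hostshare /mnt/host 9p rw,nosuid,nodev,noexec,relatime 0 0
docs /mnt/docs virtiofs rw,noexec,relatime 0 0
EOF
}

# Demonstration on the constructed sample; "|| true" because findings return 1.
sample_mounts | audit_shared_mounts - || true
```

Run without arguments inside the VM, it audits the live mount table; the non-zero return on findings makes it usable from a boot-time or monitoring script.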