opened 11:29AM - 18 Sep 19 UTC
T: enhancement
C: templates
security
P: default
These folders
* /tmp
* /var/tmp
* /dev/shm
are user writable.
Similar… to
* https://github.com/QubesOS/qubes-issues/issues/5263
* https://github.com/tasket/Qubes-VM-hardening/issues/41
[Quote](https://github.com/QubesOS/qubes-issues/issues/2695#issuecomment-301316132) Joanna (founder of Qubes OS):
> I've been recently talking about this with Solar Designer of Openwall (a person who probably knows more about Linux security model than most of us together)
[Quote](https://github.com/QubesOS/qubes-issues/issues/2695#issuecomment-301320361) solar:
> Ideally, there should be no SUID binaries reachable from the user account, as otherwise significant extra attack surface inside the VM is exposed (dynamic linker, libc startup, portions of Linux kernel including ELF loader, etc.)
Therefore I concluded:
SUID has to go away.
At least user-created (speak: possibly malware) SUID should be prevented from being easily executed.
[Getting rid of SUID binaries which are installed by default is worthwhile too but less trivial.](https://forums.whonix.org/t/disable-suid-binaries/7706) Therefore out of scope for this ticket.
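An added audit script for the point above (my own example, not code from the issue or from Qubes OS): it reads a mount table in `/proc/mounts` format and reports which of the user-writable directories are not mounted with `nosuid`, since a mount without that flag lets a SUID bit on a user-dropped file take effect on exec. The sample mount table is constructed; on a real VM pass `"$(cat /proc/mounts)"` instead.

```shell
#!/bin/sh
# Audit: are /tmp, /var/tmp and /dev/shm mounted with nosuid?
# Input is in /proc/mounts format:
#   <source> <mountpoint> <fstype> <options> <dump> <pass>
# A hardened fstab line for a tmpfs /tmp would read, for example:
#   tmpfs /tmp tmpfs defaults,nosuid,nodev 0 0

# has_opt OPTLIST OPT: return 0 if OPT is in the comma-separated OPTLIST.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# missing_nosuid MOUNTS DIR...: print each DIR whose governing mount lacks nosuid.
# The governing mount is the longest mountpoint that is DIR itself or a parent
# of it (a plain directory such as /var/tmp on the root fs has no own entry).
missing_nosuid() {
    mounts=$1; shift
    for dir in "$@"; do
        opts=$(printf '%s\n' "$mounts" | awk -v d="$dir" '
            { mp = $2
              if (d == mp || index(d, mp "/") == 1 || mp == "/") {
                  if (length(mp) > length(best)) { best = mp; o = $4 }
              } }
            END { print o }')
        has_opt "$opts" nosuid || printf '%s\n' "$dir"
    done
}

# Constructed sample: /tmp mounted without nosuid (weak), /dev/shm hardened,
# /var/tmp living on the root filesystem, which also lacks nosuid.
sample_mounts() {
    cat <<'EOF'
/dev/xvda3 / ext4 rw,relatime,discard 0 0
tmpfs /tmp tmpfs rw,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
EOF
}

# Prints "/tmp" and "/var/tmp" for the sample above.
missing_nosuid "$(sample_mounts)" /tmp /var/tmp /dev/shm
```

Directories it prints are the ones where a SUID file created by an unprivileged process would still be honoured; the fix is the mount option, not a file scan.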