Since (re-)mount home [and other?] with noexec (and nosuid [among other useful mount options]) for better security? - #18 by Patrick was recently implemented… (And after the recent firejail controversy in thread Tor Browser Hardening (hardened malloc, firejail, apparmor) vs Web Fingerprint …) Any idea ideas for this issue?
Remounting /home/user/.tb with exec (rather than noexec) for Tor Browser is possible. I am experimenting successfully wit that in Qubes-Whonix DispVM already. But remounting /home/user/.tb with exec or “don’t use Tor Browser anymore”, i.e. pick one “noexec or Tor Browser” isn’t a great solution.
That threat model I am having in mind here is an attacker who reached local code execution who would be blocked from exploiting from user to root or kernel thanks to noexec. This currently can be circumvented in a target attack:
(A script, not program, but easily reproducible to make the point.)
file /home/user/.tb/evil-program
#!/bin/bash
echo "evil program"
chmod +x /home/user/.tb/evil-program
run
/home/user/.tb/evil-program
I would like to somehow restrict that not “all of user user” can create and run executable in folder /home/user/.tb.