Since “(re-)mount home [and other?] with noexec (and nosuid [among other useful mount options]) for better security? - #18 by Patrick” was recently implemented… (And after the recent firejail controversy in thread “Tor Browser Hardening (hardened malloc, firejail, apparmor) vs Web Fingerprint” …) Any ideas for this issue?
Remounting /home/user/.tb with exec (rather than noexec) for Tor Browser is possible. I am experimenting successfully with that in Qubes-Whonix DispVM already. But remounting /home/user/.tb with exec or “don’t use Tor Browser anymore”, i.e. pick one, “noexec or Tor Browser”, isn’t a great solution.
The threat model I have in mind here is an attacker who has reached local code execution and who would be blocked from escalating from user to root or kernel thanks to noexec. This currently can be circumvented in a targeted attack:
(A script, not program, but easily reproducible to make the point.)
file /home/user/.tb/evil-program
#!/bin/bash
echo "evil program"
chmod +x /home/user/.tb/evil-program
run
/home/user/.tb/evil-program
I would like to somehow restrict that not “all of user user” can create and run executables in folder /home/user/.tb.
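Added example, not part of the original post: a small audit helper that resolves which mount governs a path and whether it still permits execution, which makes the exec exception under /home/user/.tb visible next to the noexec /home. The mount table is a constructed sample in /proc/mounts format, and the function names are hypothetical.

```bash
#!/bin/bash
# Constructed sample in /proc/mounts format (not taken from a real system).
SAMPLE_MOUNTS='/dev/xvda3 / ext4 rw,relatime 0 0
/dev/xvdb /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/xvdb /home/user/.tb ext4 rw,nosuid,nodev,relatime 0 0'

# Print the options of the mount that governs path $1: the entry whose mount
# point is the longest prefix of the path on a directory boundary. A later
# entry with the same mount point wins, because it shadows the earlier one.
# $2 is mount-table text and defaults to the live /proc/mounts.
# The body runs in a subshell, so its variables stay local.
mount_opts_for() (
    path=$1
    table=${2-$(cat /proc/mounts)}
    best="" best_opts=""
    while read -r dev mp fstype opts rest; do
        case "$path/" in
            "${mp%/}/"*)
                if [ "${#mp}" -ge "${#best}" ]; then
                    best=$mp; best_opts=$opts
                fi ;;
        esac
    done <<EOF
$table
EOF
    printf '%s\n' "$best_opts"
)

# Exit status 0 when files under path $1 can be executed, i.e. the
# governing mount does not carry the noexec option.
exec_allowed() {
    case ",$(mount_opts_for "$1" "${2-$(cat /proc/mounts)}")," in
        *,noexec,*) return 1 ;;
    esac
    return 0
}

# Report each listed path as EXEC or NOEXEC against the given mount table.
audit() {
    table=$1; shift
    for p in "$@"; do
        if exec_allowed "$p" "$table"; then echo "EXEC   $p"
        else echo "NOEXEC $p"; fi
    done
}

audit "$SAMPLE_MOUNTS" /home/user /home/user/.tb /home/user/.tb/evil-program
```

Calling `exec_allowed` with only a path checks the running system's mount table instead of the sample.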