
lock down interpreters / compilers (interpreter lock) (compiler lock)
Open, Normal, Public

Description

https://chromium.googlesource.com/chromiumos/docs/+/master/security/noexec_shell_scripts.md

https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707 should be implemented first before this one.

This could be implemented by removing read access for user user from interpreters such as python and compilers such as gcc.

Interpreter lock might break many things. Not clear yet if this might become a default enabled feature.
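
An added example, not part of the task or of Whonix's code: a small audit that reports whether interpreter or compiler binaries are still readable or executable by the "other" permission class, which is where an unprivileged account falls when it is neither owner nor group member. It assumes GNU coreutils (`stat -c`, `readlink -f`); the function names and any paths passed in are hypothetical, and ACLs and group membership are not examined.

```shell
#!/bin/sh
# Added example (not Whonix code): audit "other" permission bits on
# interpreter/compiler binaries. Assumes GNU stat and readlink.

# other_access FILE: print "r", "x", "rx" or "-" for the "other" class of FILE.
# Returns 2 if FILE does not exist.
other_access() {
    target=$(readlink -f "$1") || return 2   # follow symlinks to the real binary
    [ -e "$target" ] || return 2
    mode=$(stat -c '%a' "$target") || return 2
    other=${mode#"${mode%?}"}                 # last octal digit = "other" bits
    access=""
    [ $(( other & 4 )) -ne 0 ] && access="${access}r"
    # Note: "x" without "r" still allows a native (ELF) binary to be executed.
    [ $(( other & 1 )) -ne 0 ] && access="${access}x"
    echo "${access:--}"
}

# audit_paths PATH...: print one report line per path.
# Returns 1 if any path is still accessible to "other", 0 otherwise.
audit_paths() {
    exposed=0
    for p in "$@"; do
        if acc=$(other_access "$p"); then
            if [ "$acc" = "-" ]; then
                echo "locked   $p"
            else
                echo "exposed  $p (other: $acc)"
                exposed=1
            fi
        else
            echo "absent   $p"
        fi
    done
    return "$exposed"
}

# Run as: sh audit.sh /usr/bin/python3 /usr/bin/gcc   (paths are examples)
if [ "$#" -gt 0 ]; then
    audit_paths "$@"
fi
```
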

Details

Impact
Normal

Event Timeline

Patrick triaged this task as Normal priority. Dec 5 2019, 3:51 PM
Patrick created this task.
Patrick renamed this task from lock down interpreters to lock down interpreters (interpreter lock). Dec 5 2019, 3:51 PM
Patrick updated the task description. Dec 5 2019, 4:07 PM
Patrick renamed this task from lock down interpreters (interpreter lock) to lock down interpreters / compilers (interpreter lock) (compiler lock). Dec 5 2019, 4:12 PM
Patrick updated the task description.
Patrick updated the task description.
Patrick updated the task description. Dec 5 2019, 4:16 PM