Page MenuHomePhabricator
Create Task
Maniphest T941

lock down interpreters / compilers (interpreter lock) (compiler lock)
Open, NormalPublic
Actions

Description

https://chromium.googlesource.com/chromiumos/docs/+/master/security/noexec_shell_scripts.md

https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707 should be implemented first before this one.

This could be implemented by removing read access for user user from interpreter's such as python and compilers such as gcc.

Interpreter lock might break many things. Not clear yet if this might become a default enabled feature.

Details

Impact
Normal

Event Timeline

Patrick triaged this task as Normal priority.Dec 5 2019, 2:51 PM
Patrick created this task.
Herald added a project: Whonix. · View Herald TranscriptDec 5 2019, 2:51 PM
Herald added a subscriber: entr0py. · View Herald Transcript
Patrick renamed this task from lock down interpreters to lock down interpreters (interpreter lock).Dec 5 2019, 2:51 PM
Patrick updated the task description. (Show Details)Dec 5 2019, 3:07 PM
Patrick renamed this task from lock down interpreters (interpreter lock) to lock down interpreters / compilers (interpreter lock) (compiler lock).Dec 5 2019, 3:12 PM
Patrick updated the task description. (Show Details)
Patrick updated the task description. (Show Details)
Patrick updated the task description. (Show Details)Dec 5 2019, 3:16 PM
Whonix OLD Issue Tracker · PLEASE DO NOT POST NEW TICKETS HERE · OLD Issue Tracker - Unread Notifications · OLD Issue Tracker - Feed · OLD Issue Tracker - Open Issues · NEW Issue Tracker · Homepage · Blog · Forum · Legal · Imprint · Privacy Policy · Terms of Use · Disclaimer