The officially official Devuan Forum!

#1 2022-07-16 11:02:40

pcalvert
Member
Registered: 2017-05-15
Posts: 216  

Executables in home directory

I was just digging around in my home directory and noticed that some software puts executable files in there, which is something that I'm not a fan of. I like to put home on a separate partition that is marked "nosuid, noexec" in the fstab file. Obviously, this will cause problems for executable files that are in my home directory.

So far, these are the places where I've found executable files:

~/bin
~/.local/bin
~/.wine

Does anyone know if there are any others? My original plan was to move these to a directory on the root (system) partition and replace the originals with symbolic links. I'll probably do that if I can depend on executable files to only be present in a few, predictable locations in my home directory.

By the way, the reason for doing this is that I have a personal security policy, and part of that policy is that "threat gate" applications like web browsers, email clients, etc., should not have write access to any file system where files can be executed. That way, if any malicious code (e.g., a malware "dropper") is written to disk, that code will not be allowed to execute.

Last edited by pcalvert (2022-07-16 12:44:00)


Freespoke is a new search engine that respects user privacy and does not engage in censorship.
Another one is called Luxxle.

#2 2022-07-16 16:18:51

chris2be8
Member
Registered: 2018-08-11
Posts: 307  

Re: Executables in home directory

Check your path with echo $PATH (that's the most likely case).

But of course a "dropper" might well try to put things into somewhere in your path where it might get executed without you realising it. You might be better off copying from ~/bin etc every so often, *after checking what you are about to copy is OK*.

#3 2022-07-17 15:15:44

pcalvert
Member
Registered: 2017-05-15
Posts: 216  

Re: Executables in home directory

Hi Chris,

Thank you for your suggestions. My plan is to move those directories immediately after installation, while the system is offline, so the risk of malware ever being able to write to those directories should be very, very small.

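One way to answer the "are there any others?" question from the first post and to confirm the mount options before relying on them, as an added example that is not from any poster in this thread. The function names and the script name `audit-home.sh` are made up here, and the mount check assumes a Linux mounts table in `/proc/self/mounts` format.

```shell
#!/bin/sh
# Added example: audit a home directory before (or after) mounting it
# nosuid,noexec. Function names are illustrative, not from the thread.

# Print "<count> <dir>" for every directory under $1 that directly holds
# regular files with any execute bit set, most populated first.
# -xdev keeps the search on the one filesystem being audited.
exec_dirs() {
    find "$1" -xdev -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
        -exec dirname {} \; 2>/dev/null |
        sort | uniq -c | sort -rn | sed 's/^ *//'
}

# Print the mount options of the filesystem that holds path $1, using the
# longest matching mount point in a mounts table ($2, default
# /proc/self/mounts). Mount points containing spaces are not handled.
mount_opts() {
    awk -v p="$1" '
        { mp = $2
          if (mp == "/" || p == mp || index(p, mp "/") == 1)
              if (length(mp) >= best) { best = length(mp); opts = $4 } }
        END { print opts }' "${2:-/proc/self/mounts}"
}

# Succeed only if the filesystem holding $1 has both noexec and nosuid.
is_locked_down() {
    opts=",$(mount_opts "$1" "$2"),"
    case $opts in *,noexec,*) ;; *) return 1 ;; esac
    case $opts in *,nosuid,*) ;; *) return 1 ;; esac
}

# Usage: sh audit-home.sh "$HOME"   (with no argument, nothing is scanned)
if [ "$#" -gt 0 ]; then
    exec_dirs "$1"
    if is_locked_down "$1"; then
        echo "$1: mounted nosuid,noexec"
    else
        echo "$1: exec and/or suid still permitted"
    fi
fi
```

Directories that show up in the first listing but are not in `echo $PATH` are the ones a symlink plan based on `$PATH` alone would miss.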
