Enhanced Security via Mount Options and Compiler Restrictions

Kicksecure ™

Download

Debian morph to Kicksecure (Hardware) Windows (VM) Linux (VM) Mac (VM) VirtualBox (VM) KVM (VM) Qubes (VM) USB ISO (coming soon) More options Source Code

About

Overview Features Why Open Source? Project Activities Contributors Mission & Vision

Docs

Documentation FAQ Troubleshooting

Community

Forums Contribute

Support

Free Plus Premium Contact

Tools Upload file Special pages Recent changes Print Version Page meta What links here Related changes Page information

Page Read Edit History Move Protection Unwatch Watch Delete Purge

User Preferences Watchlist Contributions Logout Create account Login

Donate

Upcoming security enhancements include mounting key directories with secure options and restricting compiler and interpreter access by default.

Upcoming Security Enhancements[edit]

Mounting Directories Securely[edit]

We are preparing to enhance system security by mounting important directories, such as /home/user, with the following options by default:

• noexec
• nodev
• nosuid

These options are designed to prevent the execution of binaries and scripts within these directories, reducing the risk of unauthorized or malicious code execution.

Restricting Compiler and Interpreter Access[edit]

Access to compilers and interpreters will also be restricted to minimize the risk of malicious code compilation and execution. These restrictions are part of our proactive approach to security.

Impact on Users and Workflows[edit]

While these measures will provide greater security, they may affect advanced users who rely on script execution in their home directories. We understand the potential for disruption and of course will provide options to opt-out.

Opting Out[edit]

Instructions for users who prefer to opt out of these settings will be provided. Detailed documentation will be available on our wiki well before these changes are implemented. Should there be sufficient demand, we may also offer packages or scripts to simplify the opt-out process.

Integration with Security Initiatives[edit]

These security improvements are integral to our broader security strategy, including:

• Kicksecure Security Roadmap
• Strong Linux User Account Isolation
• SUID Disabler and Permission Hardener
• Interpreter and Compiler Lockdown
• Multiple Boot Modes for Better Security: an Implementation of Untrusted Root

The goal is to fortify Linux user accounts against malware, making it difficult for a compromised account to affect others or to escape the virtual machine (VM) environment.

Commitment to User Freedom[edit]

Our commitment to No Intentional User Freedom Restrictions remains firm. Users retain the freedom to configure their systems as they see fit, in line with our core principles.

Additional Resources[edit]

For further details on these security measures and discussions around them, refer to:

• https://github.com/Kicksecure/security-misc/pull/139
• Dev/remount-secure
• Discussion on Secure Mount Options

References[edit]

---

Unfinished: This wiki is a work in progress. Please do not report broken links until this notice is removed, use Search Engines First and contribute improving this wiki.

Kicksecure A secure by default operating system with the latest security research in place.

Dark mode

Follow us on social media

FREE  ·  PLUS  ·  PREMIUM Support

At Kicksecure we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint 2012-2024 ENCRYPTED SUPPORT LP

Your support makes
all the difference!

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!