Because uh every OS on earth has the exact same vulnerabilities? How are you supposed to stop a user from downloading something random from the internet and running it?
Because uh every OS on earth has the exact same vulnerabilities? How are you supposed to stop a user from downloading something random from the internet and running it?
Some posix like systems mount /home with noexec in fstab.
Practically, most systems leave it off because many out-of-band user space script language package ecosystems stop working. =3
There are also adaptive application firewalls that are user friendly.
https://github.com/evilsocket/opensnitch
noexec clearly isn't going to help if you run untrusted JavaScript...
Sometimes, but nodejs or npm won't work properly without the headless chromium VM, and would need bypassing local file-access security-sandbox restrictions most normal system Web-browsers enforce by default.
If root installs OS supported VM packages, than it would be pointless to complain the system runs as expected. As a sentient turnip, I probably wouldn't know for sure... =3