comment

usr/lib/security-misc/permission-hardening

@@ -50,6 +50,9 @@ add_nosuid_statoverride_entry() {
         new_mode="$existing_mode"
       fi
 
+## Remove 'others' / 'group' execution ('chmod og-x /path/to/binary') rights for better usability?
+## Make binaries such as 'su' fail closed rather than fail open if suid was removed from these?
+## Are there suid or guid binaries which are still useful if suid / guid has been removed from these?
 ## https://forums.whonix.org/t/permission-hardening/8655/10
 #       if [ "$new_mode" = "755" ]; then
 #         new_mode=744