>> So my question is, will there be any security implications that I
>> should be concerned about with setting wxallowed in /etc/fstab to the
>> home mountpoint?
>
> Yes there is a security implication. From mount(8),
>
>              wxallowed  Processes that ask for memory to be made writeable
>                         plus executable using the mmap(2) and mprotect(2)
>                         system calls are killed by default.  This option
>                         allows those processes to continue operation.  It is
>                         typically used on the /usr/local filesystem.
>
> That will allow this program to create such memory.  It will also
> allow any other program in your /home to do so.
>
> We don't know what other programs you might have in /home.  That's
> why this feature was designed to operate in this restrictive way.
>
> In a perfect world, software would stop asking for W|X memory.  We
> aren't there yet.  This mechanism softly applies pressure towards
> that end.
>
> Turn it off and accept the consequences, and potential risks if you
> like.  W|X memory isn't the only risk out there...
>

Thank you Theo. After reading through your reply I would rather not
deal with a potential risk. I decided to go down the path of adding a
venv directory in /usr/local and giving my account as owner and wheel
as group. This should allow the python binaries to stay in /usr/local
and not have to set wxallowed on my /home directory. I believe this to
be a safer option but unfortunately security is not my strong suit so
I might be missing another security implication by going down this
road.

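
Added example, not part of the original thread: a small shell check that reads mount(8) output and reports which filesystem holds a given directory and whether that filesystem carries wxallowed, so a venv location can be confirmed before relying on it. The sample mount table and the paths /usr/local/venv and /home/user/venv are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `mount` output on stdin; assumes mount points
# without spaces, in the "dev on /mp type ffs (opt, opt)" format.

# Constructed sample in the format printed by OpenBSD mount(8).
SAMPLE_MOUNTS='/dev/sd0a on / type ffs (local)
/dev/sd0k on /home type ffs (local, nodev, nosuid)
/dev/sd0d on /usr type ffs (local, nodev)
/dev/sd0e on /usr/local type ffs (local, nodev, wxallowed)'

# wx_mounts: print every mount point that carries the wxallowed option.
wx_mounts() {
    awk '$2 == "on" && /[(, ]wxallowed[,)]/ { print $3 }'
}

# wx_status PATH: print "<mountpoint> wxallowed" or "<mountpoint> restricted"
# for the filesystem that holds PATH (longest matching mount point wins).
wx_status() {
    awk -v target="$1" '
    $2 == "on" && $4 == "type" {
        mp = $3
        # A mount point covers the path if it is the path or a parent of it.
        prefix = (mp == "/") ? "/" : mp "/"
        if ((target == mp || index(target "/", prefix) == 1) &&
            length(mp) > length(best)) {
            best = mp
            opts = $0
            sub(/^[^(]*\(/, "", opts)   # drop everything up to "("
            sub(/\).*$/, "", opts)      # drop ")" and anything after it
        }
    }
    END {
        if (best == "") exit 1
        state = "restricted"
        n = split(opts, o, /, */)
        for (i = 1; i <= n; i++) if (o[i] == "wxallowed") state = "wxallowed"
        print best, state
    }'
}

# Demo on the constructed table; on a live system use: mount | wx_status DIR
printf '%s\n' "$SAMPLE_MOUNTS" | wx_status /usr/local/venv
printf '%s\n' "$SAMPLE_MOUNTS" | wx_status /home/user/venv
```

Running `mount | wx_mounts` on the real machine lists every filesystem where W|X mappings are permitted, which is the set worth keeping as small as possible.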