| 1 |
On 6/26/20 4:40 PM, Rich Freeman wrote: |
| 2 |
> On Fri, Jun 26, 2020 at 4:03 PM james <garftd@×××××××.net> wrote: |
| 3 |
>> |
| 4 |
>> So can some of the smarter (gentoo) folks illuminate how to totally |
| 5 |
>> avoid groups and users, except for the minimum required, application |
| 6 |
>> specific? For example like serial line tools, or outline a set of |
| 7 |
>> tweaks/setting to avoid these altogether? |
| 8 |
>> |
| 9 |
> |
| 10 |
> IMO if extra security is your goal then if anything you want to have |
| 11 |
> MORE use of users rather than less. Everything should be least |
| 12 |
> privilege, and usually that means having separate UIDs for everything, |
| 13 |
> and then layering on stuff like namespaces/SELinux/capabilities/etc on |
| 14 |
> top of that to further tailor things. |
| 15 |
|
| 16 |
OK, that's a pathway forward, that I no longer believe in, though viable. |
| 17 |
|
| 18 |
I think the days of systems design and implementation, that require a |
| 19 |
default, multi-user, scenario, are arcane and subject to many attack |
| 20 |
vectors. Granted many will and do disagree, and new pathways are rarely |
| 21 |
well lighted in my experiences. |
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
> Of course the more config you have like this, the more there is to |
| 26 |
> audit. However, you also have to consider the failure mode. When you |
| 27 |
> have layers of security and some layer fails, chances are that the |
| 28 |
> failure still results in more containment than what you would have had |
| 29 |
> if you didn't build the layers in the first place. |
| 30 |
|
| 31 |
Security Schema are many and all are under attack. Most of what I need |
| 32 |
from a 'well behaved' collective of microprocessors and microcontrollers |
| 33 |
are in-house and need little (data) from the outside. The need to share |
| 34 |
outside is nice, but can be limited, dynamically for a wide variety of |
| 35 |
reason. The deep desire to share, in part-and-parcel, is to be human. |
| 36 |
For me, as a christian, its far deeper of a need, but that on me. Quick |
| 37 |
and automated shut-off, is a concept I like very, very much. |
| 38 |
|
| 39 |
Currently, the need to be able to "snap my fingers" and instantly |
| 40 |
isolate, is mostly prevented because our USA government forces chip |
| 41 |
manufacturers to put "bullshit and backdoors" into most all processors |
| 42 |
and controllers. That shit has to STOP. They, including our F. Feds do |
| 43 |
not have that right. If we do not fix this, SATAN gets control; hence |
| 44 |
the end-times are upon us, like a thief in the night. That's my belief |
| 45 |
and I know many that think it is too late, to fix. the first step is to |
| 46 |
have 100% of critical systems components manufactured in the USA. Each |
| 47 |
country can and should do their own thing. Leaders have now realized, |
| 48 |
letting folks that rule the large corporations, "have it their way" has |
| 49 |
landed up in a pile of problems. |
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
> Now, one thing that would result in fewer UIDs is installing less |
| 54 |
> stuff. Maybe that is what you're getting at, and of course reducing |
| 55 |
> the attack surface is a good thing. However, keep in mind that a UID |
| 56 |
> in /etc/passwd doesn't actually do anything if no process runs with |
| 57 |
> that UID - it is just a line in a text file. So, having a uucp group |
| 58 |
> when no processes have access to it doesn't really cause issues. |
| 59 |
|
| 60 |
unless the remotes can inject into that causal hardware relationship and |
| 61 |
exploit it? Who knows what lurks in them micro-codes of silicon these |
| 62 |
days.... much of the hardware has hidden Rf channels, well hidden and it |
| 63 |
requires quite expensive systems that the semiconductor companies |
| 64 |
provide, mostly to governments, on a use-to-be limited basis. That's why |
| 65 |
the USA is forcing AMD to bring 7-nm manufacturing to US soil, so they |
| 66 |
are under USA rule-sets. Makes the Mafia look like choir boys...... |
| 67 |
|
| 68 |
here's one publicized: |
| 69 |
https://www.zdnet.com/article/minix-intels-hidden-in-chip-operating-system/ |
| 70 |
|
| 71 |
|
| 72 |
and a bit deeper: |
| 73 |
|
| 74 |
https://freetechsforum.com/minix-%E2%80%8Bintels-hidden-chip-operating-system/ |
| 75 |
|
| 76 |
> Removing the group doesn't actually make things more secure, because |
| 77 |
> processes can use a gid even if it doesn't exist in /etc/groups. |
| 78 |
> Effectively any POSIX system has every uid/gid available even if there |
| 79 |
> is no /etc/passwd at all. |
| 80 |
|
| 81 |
|
| 82 |
And that is coded into the parts of the kernel, we cannot eliminate? |
| 83 |
Typical sploits? |
| 84 |
|
| 85 |
Curiously, a bit deeper explanation? |
| 86 |
I'm no expert at this stuff, but I am very interested to hear more, from |
| 87 |
your perspective and experiences which you are comfortable sharing. |
| 88 |
|
| 89 |
|
| 90 |
James |
Archives