Gentoo Archives: gentoo-user

From: Michael Orlitzky <mjo@g.o>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] tips on running a mail server in a cheap vps provider run but not-so-trusty admins?
Date: Sat, 29 Aug 2020 00:52:05
Message-Id: c1048411-2705-5cec-dd8b-cf741d232006@gentoo.org
In Reply to: Re: [gentoo-user] tips on running a mail server in a cheap vps provider run but not-so-trusty admins? by Grant Taylor
On 2020-08-28 20:29, Grant Taylor wrote:
> On 8/28/20 6:10 PM, Michael Orlitzky wrote:
>> I think I see where we're diverging: I'm assuming that the employees of
>> the VPS provider can hop onto any running system with root privileges.
>
> Perhaps I'm woefully ignorant, but my current working understanding
> is that ...They still need to connect to a terminal (be it console or
> serial or ssh or other), log in (with credentials that they should
> not have) and access things that way.
>
> I'm actually not encrypting the full VM. I have an encrypted disk. The
> VM boots like normal, I log in, unlock the encrypted disk, mount it, and
> start services.

If /etc/passwd, /etc/shadow, and friends aren't encrypted, they can get
in pretty easily without credentials. The VPS admins have physical
access to the disk -- they could swap out your root password for theirs
temporarily, or create a secondary privileged account.

And keep in mind that your shell and all of the executables used to
decrypt/mount the disk are themselves unencrypted and can be replaced by
malware. A lazy attack would be to reboot in single-user mode (bypasses
the root password) and then replace your utilities with keyloggers
before rebooting again. This might look suspicious to you, but would you
really avoid logging into the system ever again because it rebooted once?
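The point of the message above is that the files consulted before the encrypted disk is unlocked (/etc/passwd, /etc/shadow, the shell, cryptsetup, mount) live in the clear and can be altered by anyone with access to the underlying disk. The following is an added example, not part of the thread, of the minimal defender-side check that makes such changes visible: record a SHA-256 manifest of those files while the system is trusted, keep the manifest where the host operator cannot rewrite it (on the encrypted volume, or off-host), and compare against it before typing the disk passphrase. The file paths and contents below are constructed stand-ins created in a temporary directory so the script runs offline; nothing here touches a real system. The caveat the thread itself raises still applies: if the checker and its hash tool are themselves on the unencrypted root, they can be replaced too, so the comparison is only trustworthy when run from media the operator does not control.

```python
"""Manifest-based tamper check for the unencrypted part of a root filesystem.

Added illustration for the mailing-list discussion; not code from the thread.
Paths such as etc/shadow and sbin/cryptsetup are constructed inside a temporary
directory to stand in for the real files.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path, rel_paths) -> dict:
    """Record {relative_path: sha256} for each file, taken while the system is trusted."""
    return {rel: sha256_of(root / rel) for rel in rel_paths}


def verify_manifest(root: Path, manifest: dict) -> dict:
    """Compare the current files against a trusted manifest.

    Returns {'modified': [...], 'missing': [...]}. Any non-empty list means a
    file consulted before the encrypted disk is unlocked is no longer what was
    recorded, which is exactly the condition the thread warns about.
    """
    report = {"modified": [], "missing": []}
    for rel, expected in manifest.items():
        p = root / rel
        if not p.is_file():
            report["missing"].append(rel)
        elif sha256_of(p) != expected:
            report["modified"].append(rel)
    return report


def demo() -> dict:
    """Constructed scenario: take a manifest, re-verify (clean), then change
    two files the way the thread describes and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed stand-ins for the unencrypted files; not real system content.
        files = {
            "etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
            "etc/shadow": b"root:$6$constructedsalt$CONSTRUCTEDHASH:18500:0:99999:7:::\n",
            "sbin/cryptsetup": b"#!/bin/sh\n# stand-in for the real binary\n",
            "bin/sh": b"#!/bin/sh\n# stand-in for the login shell\n",
        }
        for rel, data in files.items():
            dest = root / rel
            dest.parent.mkdir(parents=True, exist_ok=True)
            dest.write_bytes(data)

        manifest = build_manifest(root, files)       # recorded while trusted
        before = verify_manifest(root, manifest)      # expected: nothing flagged

        # Simulate the two changes discussed: a different root password hash
        # and a replaced unlock utility.
        (root / "etc/shadow").write_bytes(
            b"root:$6$othersalt$DIFFERENTHASH:18500:0:99999:7:::\n")
        (root / "sbin/cryptsetup").write_bytes(b"#!/bin/sh\n# changed contents\n")
        after = verify_manifest(root, manifest)

        return {"before": before, "after": after}


if __name__ == "__main__":
    result = demo()
    print("clean check:", result["before"])
    print("after changes:", result["after"])
```

In practice the manifest is written once to the encrypted volume (or an external host) and the verification is run from a rescue image or a second machine with the VPS disk attached, so that neither the checker nor the manifest sits on the storage the operator can edit.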