On 2020-08-28 20:29, Grant Taylor wrote:
> On 8/28/20 6:10 PM, Michael Orlitzky wrote:
>> I think I see where we're diverging: I'm assuming that the employees of
>> the VPS provider can hop onto any running system with root privileges.
>
> Perhaps I'm woefully ignorant, but my current working understanding
> is that ...They still need to connect to a terminal (be it console or
> serial or ssh or other), log in (with credentials that they should
> not have) and access things that way.
>
> I'm actually not encrypting the full VM. I have an encrypted disk. The
> VM boots like normal, I log in, unlock the encrypted disk, mount it, and
> start services.

If /etc/passwd, /etc/shadow, and friends aren't encrypted, they can get
in pretty easily without credentials. The VPS admins have physical
access to the disk -- they could swap out your root password for theirs
temporarily, or create a secondary privileged account.

And keep in mind that your shell and all of the executables used to
decrypt/mount the disk are themselves unencrypted and can be replaced by
malware. A lazy attack would be to reboot in single-user mode (bypasses
the root password) and then replace your utilities with keyloggers
before rebooting again. This might look suspicious to you, but would you
really avoid logging into the system ever again because it rebooted once?
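As an added illustration (not part of this thread), a post-unlock check a defender could keep on the encrypted volume: it compares the unencrypted pre-unlock tools against a SHA-256 manifest recorded while the system was trusted, and lists any UID 0 account besides root. The tool paths and the "manifest lives on the encrypted disk" workflow are assumptions.

```python
import hashlib
import os

# Hypothetical paths for the unencrypted tools used before the disk is unlocked.
PRE_UNLOCK_TOOLS = ("/bin/sh", "/bin/login", "/sbin/cryptsetup", "/bin/mount")

def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()

def current_hashes(paths):
    """Map each path to its SHA-256, or None when the file cannot be read."""
    result = {}
    for path in paths:
        try:
            with open(path, "rb") as fh:
                result[path] = sha256_bytes(fh.read())
        except OSError:
            result[path] = None
    return result

def verify_manifest(manifest, current):
    """Compare the saved manifest (path -> hash, built while the system was
    trusted and stored on the encrypted volume) with freshly computed hashes.
    Returns sorted (path, reason) pairs; reason is 'missing' or 'modified'."""
    findings = []
    for path, expected in manifest.items():
        actual = current.get(path)
        if actual is None:
            findings.append((path, "missing"))
        elif actual != expected:
            findings.append((path, "modified"))
    return sorted(findings)

def unexpected_root_accounts(passwd_text, allowed=("root",)):
    """Names with UID 0 outside the allowed set: the 'secondary privileged
    account' that an unencrypted /etc/passwd lets anyone with disk access add."""
    found = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2] == "0" and fields[0] not in allowed:
            found.append(fields[0])
    return found

if __name__ == "__main__":
    # The real manifest would be loaded from the encrypted volume; here we just
    # exercise the comparison against whatever exists on this machine.
    manifest = current_hashes(PRE_UNLOCK_TOOLS)
    print(verify_manifest(manifest, current_hashes(PRE_UNLOCK_TOOLS)))
    if os.path.exists("/etc/passwd"):
        with open("/etc/passwd") as fh:
            print(unexpected_root_accounts(fh.read()))
```

Since the checker itself runs on binaries from the same unencrypted disk, it raises the bar for the replaced-utilities case rather than removing it; running it from a separately booted, trusted medium is what actually closes that gap.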