On Sun, Mar 20, 2022 at 12:05 PM Daniel Frey <djqfrey@×××××.com> wrote:
>
> They don't even need to defeat a password. If they have root, it's
> trivial to unlock a locked session without knowing the password - just FYI.
> ...
> The screen locks in linux are security by obscurity, if something is
> that sensitive, don't stay logged in all the time.
|
If somebody has root access to your box, then they are going to be
able to get at your data. They don't have to unlock your session to
do it - they have access to the memory of all your processes,
everything on disk, and so on. If you're using encryption at the
account level and it is well-implemented then root probably can't get
at your data while you aren't logged in, but they certainly can get it
the next time you log in.
|
It is true though that linux screensavers are often not
well-implemented. Honestly, I'm not sure if any of them are - it
seems to be more of an afterthought in the design layered on top. I
haven't made a study of them, so maybe there are some which are, but
something like this really needs to be designed into the system to be
secure, and some of that needs to be treated as security-critical
code.
|
Now, if you want to make an argument for leaving systems powered down
except when needed if they contain sensitive data that would certainly
reduce the opportunity for intrusion, but you still need the OS to
keep people from gaining root in the first place.
|
As others have mentioned at the start of the thread, if you're
concerned with physical security then full disk encryption (or at
least encryption of data combined with airtight authentication of the
OS) has to be part of the solution. In 99% of linux-based solutions
that requires entering a password at boot. In theory the linux kernel
has support for TPM verified boot, so you could implement something
like Bitlocker/etc on Linux, but I'm not aware of any distros that
have done so (unless you want to count something like ChromeOS). For
a desktop system a boot password isn't as much of a problem, but if
you want an unattended server to be able to boot on power restoration
then a TPM-based solution would be better. It certainly is prettier
on the desktop, and allows for more recovery options, which is why
just about all corporate laptops I've seen do it this way. Of course
without a boot password you're only as secure as your OS, as any
attacker can still boot the OS and attack it while it is running,
which they can't do if the disk requires a password to decrypt it.
|
If you're running Windows on a system with a TPM the simplest solution
to all this stuff is to turn on Bitlocker, though this is not
available on the Home edition of Win10.
|
--
Rich
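
An added illustration of the TPM-sealed disk key idea discussed in the message above; it is not part of the original post, and it models the TPM in plain Python (the `ToyTPM` class, the boot chain contents and the key are all constructed for the example). It shows the key being released to an unmodified boot chain with no password at all, which is the "only as secure as your OS" case, and refused once any measured component changes.

```python
import hashlib
import hmac

PCR_SIZE = 32  # one SHA-256 PCR

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(chain: list[bytes]) -> bytes:
    """Replay a boot chain into a single PCR that starts at all zeros."""
    pcr = bytes(PCR_SIZE)
    for component in chain:
        pcr = extend(pcr, component)
    return pcr

class ToyTPM:
    """Toy model of sealing: releases the secret only for one PCR value."""

    def __init__(self):
        self._sealed = None

    def seal(self, secret: bytes, expected_pcr: bytes) -> None:
        self._sealed = (secret, expected_pcr)

    def unseal(self, current_pcr: bytes):
        secret, expected = self._sealed
        # No password or user presence is checked: only the measurements.
        if hmac.compare_digest(current_pcr, expected):
            return secret
        return None

# Constructed sample data (assumptions, not from the original message).
GOOD_CHAIN = [b"firmware v1", b"bootloader v1", b"kernel+initramfs v1"]
MODIFIED_CHAIN = [b"firmware v1", b"bootloader v1 (modified)", b"kernel+initramfs v1"]
DISK_KEY = b"constructed-volume-key"

def demo() -> dict:
    tpm = ToyTPM()
    tpm.seal(DISK_KEY, measure_boot(GOOD_CHAIN))
    return {
        "unmodified_boot": tpm.unseal(measure_boot(GOOD_CHAIN)),
        "modified_boot": tpm.unseal(measure_boot(MODIFIED_CHAIN)),
        "reordered_boot": tpm.unseal(measure_boot(GOOD_CHAIN[::-1])),
    }

if __name__ == "__main__":
    for case, key in demo().items():
        print(f"{case}: {'disk key released' if key else 'unseal refused'}")
```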