| 1 |
On Sun, Mar 20, 2022 at 12:05 PM Daniel Frey <djqfrey@×××××.com> wrote: |
| 2 |
> |
| 3 |
> They don't even need to defeat a password. If they have root, it's |
| 4 |
> trivial to unlock a locked session without knowing the password - just FYI. |
| 5 |
> ... |
| 6 |
> The screen locks in linux are security by obscurity, if something is |
| 7 |
> that sensitive, don't stay logged in all the time. |
| 8 |
|
| 9 |
If somebody has root access to your box, then they are going to be |
| 10 |
able to get at your data. They don't have to unlock your session to |
| 11 |
do it - they have access to the memory of all your processes, |
| 12 |
everything on disk, and so on. If you're using encryption at the |
| 13 |
account level and it is well-implemented then root probably can't get |
| 14 |
at your data while you aren't logged in, but they certainly can get it |
| 15 |
the next time you log in. |
| 16 |
|
| 17 |
It is true though that linux screensavers are often not |
| 18 |
well-implemented. Honestly, I'm not sure if any of them are - it |
| 19 |
seems to be more of an afterthought in the design layered on top. I |
| 20 |
haven't made a study of them, so maybe there are some which are, but |
| 21 |
something like this really needs to be designed into the system to be |
| 22 |
secure, and some of that needs to be treated as security-critical |
| 23 |
code. |
| 24 |
|
| 25 |
Now, if you want to make an argument for leaving systems powered down |
| 26 |
except when needed if they contain sensitive data that would certainly |
| 27 |
reduce the opportunity for intrusion, but you still need the OS to |
| 28 |
keep people from gaining root in the first place. |
| 29 |
|
| 30 |
As others have mentioned at the start of the thread, if you're |
| 31 |
concerned with physical security then full disk encryption (or at |
| 32 |
least encryption of data combined with airtight authentication of the |
| 33 |
OS) has to be part of the solution. In 99% of linux-based solutions |
| 34 |
that requires entering a password at boot. In theory the linux kernel |
| 35 |
has support for TPM verified boot, so you could implement something |
| 36 |
like Bitlocker/etc on Linux, but I'm not aware of any distros that |
| 37 |
have done so (unless you want to count something like ChromeOS). For |
| 38 |
a desktop system a boot password isn't as much of a problem, but if |
| 39 |
you want an unattended server to be able to boot on power restoration |
| 40 |
then a TPM-based solution would be better. It certainly is prettier |
| 41 |
on the desktop, and allows for more recovery options, which is why |
| 42 |
just about all corporate laptops I've seen do it this way. Of course |
| 43 |
without a boot password you're only as secure as your OS, as any |
| 44 |
attacker can still boot the OS and attack it while it is running, |
| 45 |
which they can't do if the disk requires a password to decrypt it. |
| 46 |
|
| 47 |
If you're running Windows on a system with a TPM the simplest solution |
| 48 |
to all this stuff is to turn on Bitlocker, though this is not |
| 49 |
available on the Home edition of Win10. |
| 50 |
|
| 51 |
-- |
| 52 |
Rich |
Archives