Root is flawed if there's no proper permission control system in place like sudo or whatever. Nobody suggests this.
@safiuddinkhan @iska @dushman @m0xee
Top-level
@inference
Root is flawed if there's no proper permission control system in place like sudo or whatever. Nobody suggests this. @safiuddinkhan @iska @dushman @m0xee 15 comments
@cyberspook @dushman @iska @m0xee @safiuddinkhan root access via any means, on any Linux system, regardless of OS, is fatal. Game over. The end.
@inference @safiuddinkhan @cyberspook @m0xee @dushman Maybe. Why isn't the whole web using android servers, if it's so secure? @iska @safiuddinkhan @cyberspook @m0xee @dushman Because no Linux hardware other than Android is really using HSMs or TEEs with verified boot. The only company I know which does that is Google, using the Titan.
@inference @safiuddinkhan @cyberspook @m0xee @dushman Verified boot is not a requirement for android, and exists in standard PCs. @iska @safiuddinkhan @cyberspook @m0xee @dushman Verified boot does not exist in normal PCs. Verified boot is not the same as secure boot, it is an extra layer above which protects the OS integrity, not just checking the bootloader signature. You are very wrong.
@inference @safiuddinkhan @cyberspook @m0xee @dushman How would google's edition of GNU/Linux have verified boot but not normal? puri.sm is even more secure, even neutralizing IME. Here's one of their features. @iska @safiuddinkhan @cyberspook @m0xee @dushman
"Distributions like PureOS are not particularly secure. They are mostly a reskinned Debian and do not include substantial hardening." https://madaidans-insecurities.github.io/linux-phones.html @inference @safiuddinkhan @cyberspook @m0xee @dushman I'm talking about the hardware there. You can install a hardened OS on it, including ChromiumOS or Android-x86. @iska @safiuddinkhan @cyberspook @m0xee @dushman Chromium OS doesn't have verified boot, only Chrome OS does.
There is no system outside of ARM phones and tablets which take advantage of a HSM or TEE to allow storing OS signing keys (not the same as bootloader/kernel keys, which is secure boot). Computer Security is an unachievable goal, the most reasonable thing to do is not connect your computer to internet 24/7.
@colinsmatt11 @safiuddinkhan @inference @dushman @m0xee @cyberspook Besides you need hardware access or hard fuckups to compromise boot. Guix with LUKS and SELinux is 99.99% secure, with simplicity and freedom; and definitely better than proprietary jails. @inference @safiuddinkhan @cyberspook @iska @dushman You may be right, but this article is just bad. Hardening in the OS is not good enough so we can just install Android 🤷 |
I can give you a simple code block which can save your root password and feed it back:
https://madaidans-insecurities.github.io/linux.html#root