Comment on Silverblue or other immutable on remote VPS?
myersguy@lemmy.simpl.website 2 weeks agoAn attacker escaping from a container can’t be system root as Podman runs rootless (without some other exploit or weak password).
That would be true of podman running anywhere, and is not unique to an immutable distribution. This is also clearly not what they are talking about.
The filesystem itself is also read-only.
You can change that real quick if you have root access.
asap@lemmy.world 2 weeks ago
You sound confident, but the fact that Fedora is using the term “immutable” makes me wonder if you actually have domain expertise here.
Immutable means immutable. It would be strange for them to call it that if it actually means “completely irrelevant from a security perspective”.
Unless you provide some evidence to the contrary I’m going to assume you aren’t correct.
superkret@feddit.org 2 weeks ago
The immutability isn’t designed to protect against a malicious attacker with root access.
Any system is fucked if that happens.
It’s designed to reduce the workload of the maintainers, because they effectively only need to test and build for one standard image.
asap@lemmy.world 2 weeks ago
Makes sense. An “immutable” distro provides no additional security benefit, however CoreOS does have a reduced attack surface area compared to other distros, which itself is a benefit.
myersguy@lemmy.simpl.website 2 weeks ago
Someone with root can run ostree admin unlock --hotfix to make /usr writable. Someone with root can also delete all restore points.
See the comment by superkret.
aordogvan@lemmy.world 2 weeks ago
While what you’re saying is theoretically true, don’t forget that as far as I know, most attacks are perpetrated by bots. And while it is true that in a fedora based version one could run ostree admin unlock etc… this particular command would need to be included in the attack script.
Now if the script has to be modified to include all possible immutable systems that could possibly run it would increase the complexity and most importantly the size of said script making it easier to detect.
I’m not saying that its a bulletproof method, I’m just saying that by itself it greatly minimizes the risk, at least until all servers run immutable systems. And even then it still complicates matters for potential attackers quite a bit. So therefore reducing or at least greatly minimizing the potential of the system being compromised.
myersguy@lemmy.simpl.website 2 weeks ago
Your comment was already from the position of if an attacker could gain root access. My responses were to that directly, and nothing else.
asap@lemmy.world 2 weeks ago
While you are correct, any system is compromised if you have root, so isn’t that irrelevant at that point?
myersguy@lemmy.simpl.website 2 weeks ago
The original context for the comment chain was:
So no, it’s completely relevant.