Comment

Comment on Silverblue or other immutable on remote VPS?

<- View Parent

asap@lemmy.world ⁨2⁩ ⁨months⁩ ago

While you are correct, any system is compromised if you have root, so isn’t that irrelevant at that point?

source

Sort:hotnew top

myersguy@lemmy.simpl.website ⁨2⁩ ⁨months⁩ ago

Because even if an attacker could gain access even as root he cannot modify system files.

The original context for the comment chain was:

Because even if an attacker could gain access even as root he cannot modify system files.

So no, it’s completely relevant.

source
- asap@lemmy.world ⁨2⁩ ⁨months⁩ ago
  My comment in the comment chain was:
  
  An attacker escaping from a container can’t be system root as Podman runs rootless (without some other exploit or weak password).
  
  We could give the op the benefit of the doubt and thinking that they were saying that the attacker inside the container managed to gain root inside the container.
  
  source
  - myersguy@lemmy.simpl.website ⁨2⁩ ⁨months⁩ ago
    Your comment also contained
    
    The filesystem itself is also read-only.
    
    Which is what led to the further discussion of root making that not so.
    
    I don’t believe that to be the intent of the OP’s comment, given their second sentence, but they are welcome to state otherwise. I just don’t want them thinking that an immutable distribution gives them some kind of bulletproof security that it doesn’t.
    
    source
    asap@lemmy.world ⁨2⁩ ⁨months⁩ ago
    Very true. The discussion helped me, as I did think it meant not easily editable.
    
    As root of course you can change the system to be any other type of system (layer packages, rebase, whatever), but I did assume it meant not easily modifiable in it’s current state.
    
    source