Garrett: Linux kernel lockdown, integrity, and confidentiality

Posted Apr 22, 2020 14:18 UTC (Wed) by mathstuf (subscriber, #69389)
In reply to: Garrett: Linux kernel lockdown, integrity, and confidentiality by scientes
Parent article: Garrett: Linux kernel lockdown, integrity, and confidentiality

"It can't be perfect, so let's just give up." What an asinine argument.

Nevermind that there are use cases where I may have access to a machine, but not ownership. I'd like to know that lending my laptop won't result in a rootkit. Schools want to provide laptops to students without them being allowed to replace the OS. Employers, etc. Yes, companies can also use it with respect to their customers. Complain about those instances, not the tool because those companies don't care about the tool as much as the end result.

Garrett: Linux kernel lockdown, integrity, and confidentiality

Posted Apr 23, 2020 5:25 UTC (Thu) by pabs (subscriber, #43278) [Link] (8 responses)

Students and employees should be able to trust the OS on the laptop they use, which means they need to be allowed to replace the OS.

Garrett: Linux kernel lockdown, integrity, and confidentiality

Posted Apr 23, 2020 6:27 UTC (Thu) by diconico07 (guest, #117416) [Link] (3 responses)

Universities/Schools/Companies/Whatever must be able to trust the OS on the laptop connecting to their network, which means they need to ensure it cannot be tempered with. Moreover to trust the OS on the laptop you use, I would rather say you need to be able to audit its code and configuration, not modify it.
There is also the fact that to trust your own laptop with the OS you put there, you have to be sure no one tampered with it (while you were away for example).

Garrett: Linux kernel lockdown, integrity, and confidentiality

Posted Apr 23, 2020 7:56 UTC (Thu) by LtWorf (subscriber, #124958) [Link] (1 responses)

> Universities/Schools/Companies/Whatever must be able to trust the OS on the laptop connecting to their network, which means they need to ensure it cannot be tempered with.

It can be tampered with, they need to assume they cannot trust anything that connects to their network instead.

Garrett: Linux kernel lockdown, integrity, and confidentiality

Posted Apr 23, 2020 12:59 UTC (Thu) by excors (subscriber, #95769) [Link]

> It can be tampered with, they need to assume they cannot trust anything that connects to their network instead.

It's impractical to never trust anything, so I assume you mean "don't trust anything simply because it's connected to the private network - use some kind of 2FA to verify a legitimate user is there before trusting it (and then still only trust it to the extent necessary for the user to do their job)". But a legitimate user could sign in with 2FA on a computer that's riddled with malware, which subsequently steals data from the private network or sends malicious data into the network. Even if they don't sign in, the malware could steal sensitive information that's cached locally (e.g. emails discussing confidential matters). That's not good enough protection.

Most students and many employees are likely to willingly install dodgy software on the computers provided to them, and all will be vulnerable to targeted phishing attacks, so you can't rely on the user to avoid malware. If someone with expertise and accountability, like the company's IT department, can verify the computers are running the clean software they were originally provided with and have not been tampered with, then that's a significant extra layer of protection. And that requires technical features to either prevent or detect tampering, like this kernel lockdown stuff. (And of course they should still do 2FA and least privilege too.)

Garrett: Linux kernel lockdown, integrity, and confidentiality

Posted Jul 13, 2020 13:43 UTC (Mon) by immibis (subscriber, #105511) [Link]

There IS a middle ground: you can replace the OS, but after you do that, it cannot connect to their network.

Garrett: Linux kernel lockdown, integrity, and confidentiality

Posted Apr 23, 2020 18:08 UTC (Thu) by mpr22 (subscriber, #60784) [Link] (3 responses)

The guys who sit five yards away from me when we're in the office need the ability to replace the OS on the laptop the company bought for me to use for my employment duties.

I, on the other hand, don't want the ability to replace the OS on that laptop.

Garrett: Linux kernel lockdown, integrity, and confidentiality

Posted Apr 24, 2020 6:08 UTC (Fri) by LtWorf (subscriber, #124958) [Link] (2 responses)

> I, on the other hand, don't want the ability to replace the OS on that laptop.

You can have the ability. You don't necessarily have to take advantage of that ability.

Garrett: Linux kernel lockdown, integrity, and confidentiality

Posted Apr 24, 2020 10:46 UTC (Fri) by Wol (subscriber, #4433) [Link] (1 responses)

That's the point. If the ability is there, it can be mis-used. *HE* may not want to take advantage of it, but an attacker might.

As also mentioned elsewhere, I look after elderly relatives. I would *LOVE* to be able to lock down their systems and remove all these fancy "ease of use" features. Hell, *I* regularly invoke these damn features without realising it, and undoing a massive change that you did by mistake because you hit a key that you didn't even *know* did something fancy ...

The mere *ability* to do something is a massive liability when you are dealing with folks who don't understand computers (or on the other hand understand them far too well...).

Cheers,
Wol

Garrett: Linux kernel lockdown, integrity, and confidentiality

Posted Apr 25, 2020 0:04 UTC (Sat) by sjj (guest, #2020) [Link]

If you really want to do that, give your relatives chromebooks attached to your google domain. Tried it with mine, too much of a hassle for me but ymmv. Everything can be managed centrally. Normal google caveats apply.