Linux focused on Privacy ?

harfang@slrpnk.net · 3 days ago

Linux focused on Privacy ?

N.E.P.T.R@lemmy.blahaj.zone · 3 days ago

Fedora Atomic is not more secure than traditional Fedora. That is a misconception.

Qubes, Kicksecure/Whonix, and Secureblue are basically the only major security focused Linux distros.

Tails is focused on anonymity, not simply privacy (same with Whonix). Tails is not really security hardened.

LeTak@feddit.org · 2 days ago

Why is Fedora atomic not more secure? It is literally immutable. Which kills the concept of persistent malware, unless they archive a complex exploit chain to gain root and install a malicious package and then reboot into the new iso, which is easier said then done.

N.E.P.T.R@lemmy.blahaj.zone · edit-2 2 days ago

You can just layer persistent malware (like a .rpm from the internet) using rpm-ostree, or rebase to a malicious image, because rpm-ostree doesnt require a password. Atomic doesnt mean basically anything other than you switch out images, it isnt a security feature. Or have persistent malware by creating a systemd user service that runs on login, or a system service which does the same, and does something malicious (exfiltrate data or keylog [yes that is possible on Wayland with LD_PRELOAD trick]). Or modify the use’rs ~/.bashrc and change the path to include something like /tmp or ~/.local/bin and pit a fake sudo binary which takes president over the real sudo and does something (like steal your user password). Or LD_PRELOAD a malicious binary to everything either by adding a line to the .bashrc, or get root and create /etc/ld.so.preload

The list goes on. It isn’t more secure than regular Fedora. It isn’t a (significant) security feature. It doesn’t protect against persistent malware which resides in the user home, etc, or goes unnoticed as a layered package. rpm-ostree can be used to install anything without needing a password. It isn’t secure.