Re: [gentoo-user] gentoo for a virtual server in the cloud?

2022-03-20 Thread Matt Connell
On Fri, 2022-03-18 at 14:57 -0600, Grant Taylor wrote:
> I've got a Gentoo image running in Linode without any problem.
> 
> I'm fairly certain that they offer Gentoo as an option when creating
> the VPS.  It's been too long and I've messed with too many things
> since then.

They do.  I have happily run a Gentoo Linode VM for years now.




Re: [gentoo-user] KDE, sddm etc security. Plus LVM question.

2022-03-20 Thread Rich Freeman
On Sun, Mar 20, 2022 at 12:05 PM Daniel Frey wrote:
>
> They don't even need to defeat a password. If they have root, it's
> trivial to unlock a locked session without knowing the password - just FYI.
> ...
> The screen locks in Linux are security by obscurity; if something is
> that sensitive, don't stay logged in all the time.

If somebody has root access to your box, then they are going to be
able to get at your data.  They don't have to unlock your session to
do it - they have access to the memory of all your processes,
everything on disk, and so on.  If you're using encryption at the
account level and it is well-implemented then root probably can't get
at your data while you aren't logged in, but they certainly can get it
the next time you log in.

It is true though that Linux screensavers are often not
well-implemented.  Honestly, I'm not sure if any of them are - it
seems to be more of an afterthought in the design layered on top.  I
haven't made a study of them, so maybe there are some which are, but
something like this really needs to be designed into the system to be
secure, and some of that needs to be treated as security-critical
code.

Now, if you want to make an argument for leaving systems powered down
except when needed if they contain sensitive data that would certainly
reduce the opportunity for intrusion, but you still need the OS to
keep people from gaining root in the first place.

As others have mentioned at the start of the thread, if you're
concerned with physical security then full disk encryption (or at
least encryption of data combined with airtight authentication of the
OS) has to be part of the solution.  In 99% of Linux-based solutions
that requires entering a password at boot.  In theory the Linux kernel
has support for TPM verified boot, so you could implement something
like BitLocker/etc on Linux, but I'm not aware of any distros that
have done so (unless you want to count something like ChromeOS).  For
a desktop system a boot password isn't as much of a problem, but if
you want an unattended server to be able to boot on power restoration
then a TPM-based solution would be better.  It certainly is prettier
on the desktop, and allows for more recovery options, which is why
just about all corporate laptops I've seen do it this way.  Of course
without a boot password you're only as secure as your OS, as any
attacker can still boot the OS and attack it while it is running,
which they can't do if the disk requires a password to decrypt it.

If you're running Windows on a system with a TPM the simplest solution
to all this stuff is to turn on BitLocker, though this is not
available on the Home edition of Win10.

-- 
Rich



Re: [gentoo-user] wifi networks not seen by networkmanager

2022-03-20 Thread Andrés Becerra Sandoval
On Sat, 19 Mar 2022 at 14:47, MK wrote:

> Thu Mar 17 09:30:09 2022 >>> net-wireless/wpa_supplicant-2.10-r1 is
> more-than-likely the problem. I had the same issue yesterday and eventually
> switched to iwd. There's also this thread in the forums regarding the same
> issue:
>
> https://forums.gentoo.org/viewtopic-t-1147741.html
>
> Hope that helps.
>
>
Thank you for the link!

-- 
  Andrés Becerra Sandoval


Re: [gentoo-user] KDE, sddm etc security. Plus LVM question.

2022-03-20 Thread Daniel Frey

On 2022-03-19 01:03, Dale wrote:
> Howdy,
>
> I've been thinking.  Yea, that's dangerous.  lol  If I log out of KDE, or
> have the screen locked, ctrl+alt+L key sequence, how secure is that if I
> have good passwords that are virtually impossible to crack?  My login
> manager is sddm.  As an example, if someone breaks into my home, is there
> an easy way to get past that?  I recall the old windoze 98 days where a
> certain key sequence would bypass the password prompt.  Is there a way
> known to crooks and such that can bypass or easily defeat passwords?

They don't even need to defeat a password. If they have root, it's
trivial to unlock a locked session without knowing the password - just FYI.

I had to use that method when compiling updates and the screen saver
broke, and yes it did work. I can't recall what the command was now -
but I did test it on a working-normally system and it worked as well.

The screen locks in Linux are security by obscurity; if something is
that sensitive, don't stay logged in all the time.


Dan