40
submitted 4 months ago* (last edited 4 months ago) by poki@discuss.online to c/linux@lemmy.ml

(More) Specifics:

  • Undoing the protection should include filling in a password.
  • The password should be different from the one used with sudo or any other passwords that are used for acquiring elevated privileges.

All (possible) solutions and suggestions are welcome! Thanks in advance!

Edit: Perhaps additional specifications:

  • With 'displace‘, I mean anything involving that resembles the result of mv, cp (move, cut, copy) or whatsoever. The files should remain in their previously assigned locations/places and should not be able to 'pop up' anywhere.
  • I require for the files to be unreadable.
  • I don't care if it's modifiable or not.
  • I don't require this for my whole system! Only for a specific set of files.
you are viewing a single comment's thread
view the rest of the comments
[-] bitfucker@programming.dev 5 points 4 months ago* (last edited 4 months ago)

By definition, you can't. Any software level solution will fail since you can just move the drive somewhere else. It must be baked into the hardware and firmware.

Edit to add further clarification. Do you need it to be failing on every device or just on a device that you control? Since as stated before, moving a mass storage will completely overthrow any software solution

[-] poki@discuss.online 1 points 4 months ago

Do you need it to be failing on every device or just on a device that you control?

Actually, I'm fine with a solution that only works on a device that I control. But, failing on every device is nice as well.

[-] bitfucker@programming.dev 2 points 4 months ago

Right, working on every device requires a hardware solution. I haven't encountered any such hardware yet but I do know that it is possible. Next, your second requirement makes what you're trying to accomplish impossible. Privilege escalation by definition will escalate the privilege. The problem lies in the fact that the root user is basically a god in linux. You can even wipe your system if you so desire. However, you can read more into SELinux or other similar systems. It works by basically running check on the kernel level not user level. But the only solutions I can think of will make other day-to-day tasks more of a hassle. Also, note that whoever knows how to modify the SELinux can also bypass the system. I found an answer on serverfault that points to a blog. However, I haven't read the blog yet. You may find an answer there.

[-] poki@discuss.online 1 points 4 months ago
[-] bitfucker@programming.dev 2 points 4 months ago

You're welcome. I also recommends Arch Wiki on SELinux. It helps clarify a lot of things and how different it is with traditional linux privilege escalation.

[-] poki@discuss.online 1 points 4 months ago
this post was submitted on 22 Jun 2024
40 points (100.0% liked)

Linux

48097 readers
765 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS