!prlZxmnmAGuCYHUNSw:neko.dev

Gentoo Hardening

75 Members
If you care too much about security and Gentoo, this is your place to talk about it. Bring your hard hats, it sometimes gets heated (please behave). (Unofficial)29 Servers

Load older messages


SenderMessageTime
30 Aug 2022
@inference:tchncs.deinference
In reply to @darkjac:darkstars.me
what the absolute fuck xD the FSF kinda sucks
while I believe in "FOSS all the way", I also believe in security. So as long as we need proprietary updates, we should not use the linux-libre kernel
This.
10:36:18
@inference:tchncs.deinferenceWe can go towards FOSS, sure, but it's not possible to just abandon ship instantly. That's stupid.10:36:51
@inference:tchncs.deinference
In reply to @capybara_:matrix.org
But I don’t really understand how it works
Android user profiles are 100% isolated from each other. Even the admin profile doesn't have access to the others.
10:38:25
@inference:tchncs.deinferenceApps can only access data inside the same user profile, and don't even know the other profiles exist.10:38:54
@the_horo:matrix.orgHoro
In reply to @inference:tchncs.de
Android user profiles are 100% isolated from each other. Even the admin profile doesn't have access to the others.
So basiaclly a /home/{a,b} with permissions 700?
10:39:54
@inference:tchncs.deinference
In reply to @the_horo:matrix.org
So basiaclly a /home/{a,b} with permissions 700?
Strong than just DAC. It has full UID isolation.
10:40:55
@inference:tchncs.deinferenceSELinux is used, not just 700.10:41:16
@inference:tchncs.deinferenceIt can't even look at the filesystem to see there are other profiles.10:41:51
@inference:tchncs.deinferenceIt can only see its own data.10:41:59
@the_horo:matrix.orgHoroNeat10:42:21
@darkjac:darkstars.me/home/jacob
In reply to @inference:tchncs.de
Pixel 6 arrived.

Waiting for case and eSIM. Probably 3 days or so.
whoooooop, lots of fun with it!
11:16:49
@darkjac:darkstars.me/home/jacob
In reply to @inference:tchncs.de
It can't even look at the filesystem to see there are other profiles.
ye, it's an "emulated" storage. Much better than anything you do in a normal Linux environment
11:17:41
@darkjac:darkstars.me/home/jacobbut there is one thing i wonder about: how can i make it so that profiles are completely killed when i switch to another one? 11:18:41
@capybara_:matrix.orgcapybara_
In reply to @inference:tchncs.de
Android user profiles are 100% isolated from each other. Even the admin profile doesn't have access to the others.
Ok what if some major privilege escalation and then persistence to wait until user logs into other profile?
11:21:05
@capybara_:matrix.orgcapybara_Or I guess persistence is impossible11:21:27
@capybara_:matrix.orgcapybara_
In reply to @darkjac:darkstars.me
but there is one thing i wonder about: how can i make it so that profiles are completely killed when i switch to another one?
Non owner profiles can be stopped
11:22:48
@darkjac:darkstars.me/home/jacob
In reply to @capybara_:matrix.org
Ok what if some major privilege escalation and then persistence to wait until user logs into other profile?
afaik not possivle. The concept of "priviliged app" doesn't even really exist in GOD
11:22:53
@darkjac:darkstars.me/home/jacob
In reply to @capybara_:matrix.org
Non owner profiles can be stopped
ye but how automatically? that is what i want
11:23:04
@capybara_:matrix.orgcapybara_ what privileges are there even in android? kernel -> root -> app? 11:23:35
@inference:tchncs.deinferenceaa367d17-40e4-4518-8eab-e2cd03dec40c.png
Download aa367d17-40e4-4518-8eab-e2cd03dec40c.png
11:24:40
@inference:tchncs.deinferenceBottom to top.11:24:43
@capybara_:matrix.orgcapybara_looks complicated11:25:03
@capybara_:matrix.orgcapybara_ It’s better to just ask an expert. flawedworld 11:25:19
@inference:tchncs.deinferenceIt simply shows how everything is isolated.11:26:00
@capybara_:matrix.orgcapybara_What level of compromised privilege can a profile separate from? For example I surely know that apps can’t communicate across profiles then I don’t that profiles can separate app privileges11:26:26
@capybara_:matrix.orgcapybara_* What level of compromised privilege can a profile separate from? For example I surely know that apps can’t communicate across profiles then profiles can separate app privileges11:27:00
@inference:tchncs.deinference
In reply to @capybara_:matrix.org
What level of compromised privilege can a profile separate from? For example I surely know that apps can’t communicate across profiles then I don’t that profiles can separate app privileges
If a profile was compromised, an attacker could only see inside that profile.
11:27:12
@capybara_:matrix.orgcapybara_ What is a profile? Is it a privilege that lets you see everything that happens in the profile or what? 11:27:46
@inference:tchncs.deinferenceEven if the admin profile was compromised, it could only see inside itself. Admin has no special access to other profiles.11:28:00
@inference:tchncs.deinference
In reply to @capybara_:matrix.org
What is a profile? Is it a privilege that lets you see everything that happens in the profile or what?
A profile is effectively a user account.
11:28:19

There are no newer messages yet.


Back to Room ListRoom Version: 6