On 16/08/2021 10:32, Martin Kletzander wrote:
On Mon, Aug 09, 2021 at 11:48:11AM +0100, lejeczek wrote:
Hi guys.
On a remote & "shared" systems - are private secrets
completely 100% safe? Can root get to those?
(naturally excluding hacking of unknown bugs & exploits and
theories such as "no computer system is ultimately safe")
Well, the secret needs to be kept somewhere. The most
secure you can
get with secrets is the ephemeral ones, but those still
need to be kept
in memory. You could encrypt them, but then you would
need to provide
the decryption passphrase or key when you want to use them
and that
would be like providing the secret itself anyway. Even
thought there
are some limitations to unlimited memory access in Linux
when someone
has root access you have to assume they have access to
what the system
has access too.
yes, my bad I was not clear on that - yes private & ephemeral.
Those 'secrets' virsh says cannot "get" back to me, even to
me root, so that's good. So here, I wonder', if there is a
technique which a malicious root could use to a secret.
The best you can do to mitigate that is using something
like Intel SGX,
AMD SEV and such like. There is Launch Security [0] in
libvirt, but I
think it only supports SEV and something on s390. But I
do not have any
experience with those.
[0] https://libvirt.org/formatdomain.html#id113
"Launch Security" - I was not even aware of. Busy with admin
stuff and not checking changelogs, bad me again. Thanks for
that.
And if answer is yes then - do you have any best practices
for storing & managing of those secrets?
many thanks, L.