"The PAM Duress is a module designed to allow users to generate ‘duress’ passwords that when used in place of their normal password will execute arbitrary scripts.

This functionality could be used to allow someone pressed to give a password under coercion to provide a password that grants access but in the background runs scripts to clean up sensitive data, close connections to other networks to limit lateral movement, and/or to send off a notification or alert (potentially one with detailed information like location, visible wifi hotspots, a picture from the camera, a link to a stream from the microphone, etc). You could even spawn a process to remove the pam_duress module so the threat actor won’t be able to see if the duress module was available.

This is transparent to the person coercing the password from the user as the duress password will grant authentication and drop to the user’s shell.

Duress scripts can be generated on an individual user basis or generated globally. Users can also re-use global duress passwords to sign their own duress scripts (rare instance where this could actually be useful from a security perspective)."

Found on HN - https://news.ycombinator.com/item?id=28267975
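The quoted README describes the mechanism only in prose. The following is an added example, not part of the original post and not pam_duress's own code: a small in-process model of duress-password dispatch. A login password is compared in constant time against the user's normal hash and against per-user and global duress hashes; a duress match still grants access but also fires the action registered with that entry. pam_duress runs scripts at this point; the model uses Python callables so it runs offline. All names, the PBKDF2 parameters, the demo accounts and the "scripts" are assumptions for illustration.

```python
"""Model of duress-password dispatch (added example, not pam_duress code)."""
import hashlib
import hmac
import secrets
from typing import Callable, Dict, List, Optional, Tuple

PBKDF2_ITERATIONS = 50_000  # assumed value; tune for your hardware

# An "action" stands in for the script pam_duress would run on a duress
# login: it receives the user name and an audit log to append to.
Action = Callable[[str, List[str]], None]
Entry = Tuple[bytes, bytes, str]  # (salt, digest, action name)


def derive(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 of the password (assumed scheme)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS)


class DuressStore:
    def __init__(self) -> None:
        self.normal: Dict[str, Tuple[bytes, bytes]] = {}   # user -> (salt, digest)
        self.user_duress: Dict[str, List[Entry]] = {}       # per-user entries
        self.global_duress: List[Entry] = []                # shared entries
        self.actions: Dict[str, Action] = {}                # name -> callable

    def set_normal(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.normal[user] = (salt, derive(password, salt))

    def add_duress(self, password: str, action: str,
                   user: Optional[str] = None) -> None:
        """Register a duress password; user=None makes it global."""
        if action not in self.actions:
            raise KeyError(f"unknown action {action!r}")
        if user in self.normal:
            salt, digest = self.normal[user]
            # A duress password equal to the real one would fire on every login.
            if hmac.compare_digest(derive(password, salt), digest):
                raise ValueError("duress password must differ from normal password")
        salt = secrets.token_bytes(16)
        entry: Entry = (salt, derive(password, salt), action)
        if user is None:
            self.global_duress.append(entry)
        else:
            self.user_duress.setdefault(user, []).append(entry)

    def authenticate(self, user: str, password: str,
                     audit: List[str]) -> Tuple[bool, Optional[str]]:
        """Return (access_granted, 'normal' | 'duress' | None)."""
        if user not in self.normal:
            audit.append(f"FAIL user={user} reason=unknown-user")
            return (False, None)
        salt, digest = self.normal[user]
        is_normal = hmac.compare_digest(derive(password, salt), digest)
        # Evaluate every duress entry even after a match, so the amount of
        # hashing done does not reveal which entry (if any) matched.
        triggered: List[str] = []
        for s, d, action in self.user_duress.get(user, []) + self.global_duress:
            if hmac.compare_digest(derive(password, s), d):
                triggered.append(action)
        if triggered:
            # Duress wins: access is granted so the login looks ordinary,
            # and the registered actions run alongside it.
            audit.append(f"DURESS user={user} actions={','.join(triggered)}")
            for name in triggered:
                self.actions[name](user, audit)
            return (True, "duress")
        if is_normal:
            audit.append(f"OK user={user}")
            return (True, "normal")
        audit.append(f"FAIL user={user} reason=bad-password")
        return (False, None)


def build_demo() -> DuressStore:
    """Constructed demo store: one user, one per-user and one global entry."""
    store = DuressStore()
    store.actions["wipe_scratch"] = lambda u, log: log.append(
        f"wipe_scratch: cleared scratch area for {u} (simulated)")
    store.actions["alert"] = lambda u, log: log.append(
        f"alert: notified on-call about {u} (simulated)")
    store.set_normal("alice", "correct horse battery staple")
    store.add_duress("help me now", "wipe_scratch", user="alice")
    store.add_duress("global-panic", "alert")  # global duress password
    return store


if __name__ == "__main__":
    log: List[str] = []
    print(build_demo().authenticate("alice", "help me now", log), log)
```

The store keeps duress entries separate from the normal credential so that an attacker who obtains the hash file still learns nothing about which entries are duress ones beyond their count; a real module would also run its actions as a detached process so the shell drops immediately, as the README describes.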

  • jazzfes@lemmy.ml (OP) · 3 years ago

    Didn’t know about this.

    I absolute security doesn’t exist. It’s more a matter of what you’d like to hedge against. If you are mostly worried about personal data at random security scans, then those things will work. If you are hedging against state / business actors who have purpose, it probably won’t.

    • Helix 🧬@feddit.de · 3 years ago

      absolute security doesn’t exist. It’s more a matter of what you’d like to hedge against

      Yes, threat models are important and security is not a state, but a process.