systemd-homed is coming: mobile home live USBs

imschmeg
Posts: 533
Joined: Thu Sep 12, 2019 8:32 pm

systemd-homed is coming: mobile home live USBs

#1 Post by imschmeg »

https://linuxreviews.org/Systemd-Homed_ ... irectories

I'm agnostic right now about systemd, but this homed capability might convince me to become a true believer. But maybe the MX devs will find a way to shim this so that it works without systemd, so I can remain happily agnostic.

gosia
Posts: 1155
Joined: Sun Apr 28, 2019 3:43 pm

Re: systemd-homed is coming: mobile home live USBs

#2 Post by gosia »

imschmeg wrote: Tue Feb 04, 2020 4:29 pm But maybe the MX devs will find a way to shim this so that it works without systemd,
Please don't. If anything, leave this "feature" only at systemd.

manyroads
Posts: 2657
Joined: Sat Jun 30, 2018 6:33 pm

Re: systemd-homed is coming: mobile home live USBs

#3 Post by manyroads »

Yay... another useless feature. :footinmouth:

https://www.linuxjournal.com/article/7291
Pax vobiscum,
Mark Rabideau - ManyRoads Genealogy -or- eirenicon llc. (geeky stuff)
i3wm, bspwm, hlwm, dwm, spectrwm ~ Linux #449130
"For every complex problem there is an answer that is clear, simple, and wrong." -- H. L. Mencken

Head_on_a_Stick
Posts: 919
Joined: Sun Mar 17, 2019 3:37 pm

Re: systemd-homed is coming: mobile home live USBs

#4 Post by Head_on_a_Stick »

manyroads wrote: Wed Feb 05, 2020 7:22 am another useless feature
Useless? Have you not read the various articles explaining why systemd-homed has been created? :confused:

The new feature solves a very real problem: if a user's home directory is encrypted then the key must be stored in RAM when the machine is suspended and this leaves them vulnerable to cold boot attacks. With systemd-homed the directory is un-mounted before suspension and so the key is not exposed to malicious agents.

It's not all roses though because the new feature adds ~21,000 lines of code[1] which is a significant potential attack surface.
mod note: Signature removed, please read the forum rules

SwampRabbit
Posts: 3602
Joined: Tue Jun 14, 2016 2:02 pm

Re: systemd-homed is coming: mobile home live USBs

#5 Post by SwampRabbit »

Head_on_a_Stick wrote: Wed Feb 05, 2020 11:06 am
manyroads wrote: Wed Feb 05, 2020 7:22 am another useless feature
Useless? Have you not read the various articles explaining why systemd-homed has been created? :confused:

The new feature solves a very real problem: if a user's home directory is encrypted then the key must be stored in RAM when the machine is suspended and this leaves them vulnerable to cold boot attacks. With systemd-homed the directory is un-mounted before suspension and so the key is not exposed to malicious agents.

It's not all roses though because the new feature adds ~22,000 lines of code[1] which is a significant potential attack surface.
If just the user's encrypted home directory is safe that doesn't mean the rest of the system is safe from cold boot attacks though.

Having one key to your house doesn't stop a bad person from running up behind and hitting you over the head after you unlock the door.

This doesn't stop attackers from getting access to your home directory if they really want to, they just have to go about it a different way.

An attacker just has to wait until the user accesses their home directory after login. The "if" still exists... only the "when" has changed a bit. Well and complexity but that's too much text for me to type now...

The goal should be to protect the WHOLE system, not just the home directory. But that will probably be the next step in the GNU/Linux take over... "rootD"
IMHO this is just more systemD spread more than anything else.
NEW USERS START HERE FAQS, MX Manual, and How to Break Your System - Don't use Ubuntu PPAs! Always post your Quick System Info (QSI) when asking for help.

Head_on_a_Stick
Posts: 919
Joined: Sun Mar 17, 2019 3:37 pm

Re: systemd-homed is coming: mobile home live USBs

#6 Post by Head_on_a_Stick »

SwampRabbit wrote: Wed Feb 05, 2020 11:21 am
The feature has a specific goal and addresses a particular problem that has existed for a long time without a solution. You do agree with that, yes?
SwampRabbit wrote: Wed Feb 05, 2020 11:21 am IMHO this is just more systemD spread more than anything else.
Yes, one of the things I really like about systemd (not "systemD" btw) is the unified set of (optional) tools it provides that are consistent across many distributions. Fragmentation is a long-standing issue in the GNU/Linux ecosystem: https://xkcd.com/927/
mod note: Signature removed, please read the forum rules

imschmeg
Posts: 533
Joined: Thu Sep 12, 2019 8:32 pm

Re: systemd-homed is coming: mobile home live USBs

#7 Post by imschmeg »

I have thought for a while that each home dir should be fully modularized from the system it runs on. Having that done to the point where a home can be unplugged and plugged into an entirely different system it has never met before and work immediately and securely would be ideal. The development of systemd-homed doesn't sound like it has faced the system-specific complications of this (uids, gids, etc.) but it seems to be on its way. Then there will be the app-specific complications - but I think those are already under development (such as the Nix package manager - allowing multiple versions of apps to coexist).

If this was a feature that got pulled into the Linux kernel independent of systemd, I think it's possible many would have a different reaction.

Head_on_a_Stick
Posts: 919
Joined: Sun Mar 17, 2019 3:37 pm

Re: systemd-homed is coming: mobile home live USBs

#8 Post by Head_on_a_Stick »

imschmeg wrote: Wed Feb 05, 2020 11:47 am If this was a feature that got pulled into the Linux kernel independent of systemd, I think it's possible many would have a different reaction.
+1

Haters gotta hate... 9_9
mod note: Signature removed, please read the forum rules

SwampRabbit
Posts: 3602
Joined: Tue Jun 14, 2016 2:02 pm

Re: systemd-homed is coming: mobile home live USBs

#9 Post by SwampRabbit »

Head_on_a_Stick wrote: Wed Feb 05, 2020 11:37 am
SwampRabbit wrote: Wed Feb 05, 2020 11:21 am
The feature has a specific goal and addresses a particular problem that has existed for a long time without a solution. You do agree with that, yes?
Does it have a specific goal and addresses a particular problem = NO it has many goals and addresses several "problems". They even state this, the goal isn't just securing home, that guise is being used as justification.

Is there no other solution = NO Suspend to disk (hibernate) is an option, while not exactly the same solution. IMO, relying on a software based key isn't going to really solve the root problem anyway.
Head_on_a_Stick wrote: Wed Feb 05, 2020 11:37 am
SwampRabbit wrote: Wed Feb 05, 2020 11:21 am IMHO this is just more systemD spread more than anything else.
Yes, one of the things I really like about systemd (not "systemD" btw) is the unified set of (optional) tools it provides that are consistent across many distributions. Fragmentation is a long-standing issue in the GNU/Linux ecosystem: https://xkcd.com/927/
You said "optional", I'm not sure if you're being sarcastic or what? lol

Anyone can agree that fragmentation can be a problem with anything, but that isn't to say controlled modular separation is the same thing. I doubt that anyone would disagree that a hub and spoke architecture is specifically without issues either. Which is what they are trying to accomplish. True dependence on their specific hub and spokes.

I have yet to see, could be wrong, that any real problem has been solved to date that wasn't already solved by something else. Heck, there was even talk about forking the kernel at one point.

Edit: fixed qoutes cause I'm not smarts
Last edited by SwampRabbit on Wed Feb 05, 2020 12:24 pm, edited 3 times in total.

SwampRabbit
Posts: 3602
Joined: Tue Jun 14, 2016 2:02 pm

Re: systemd-homed is coming: mobile home live USBs

#10 Post by SwampRabbit »

imschmeg wrote: Wed Feb 05, 2020 11:47 am Having that done to the point where a home can be unplugged and plugged into an entirely different system it has never met before and work immediately and securely would be ideal.
There are already solutions to this (secure is debatable), they aren't coming up with new ideas.

But I would caution going out to random bars and going home with random people thinking that it could ever be a good idea.
imschmeg wrote: Wed Feb 05, 2020 11:47 am If this was a feature that got pulled into the Linux kernel independent of systemd, I think it's possible many would have a different reaction.
The kernel has nothing to do with this. Besides, you're talking "independence".... that's not a stated goal and never will be.
