Does anyone know of a hosting service that offers Silverblue as a possible choice for OS?

It seems to me that for a server running only docker services the greatly reduced attack surface of an immutable distro presents a definitive advantage.

  • @aordogvan@lemmy.worldOP
    link
    fedilink
    English
    -14 months ago

    Because even if an attacker could gain access even as root he cannot modify system files. This is why immutable OS distros are called immutable.

    • @myersguyA
      link
      English
      94 months ago

      Because even if an attacker could gain access even as root he cannot modify system files.

      They 100% can.

      • @MalReynolds@slrpnk.net
        link
        fedilink
        English
        14 months ago

        Absitively, use case here IMO is set and forget autoupdate to stay current and SELinux (which actually reduces surface)

      • @asap@lemmy.world
        link
        fedilink
        English
        0
        edit-2
        4 months ago

        They 100% can.

        An attacker escaping from a container can’t be system root as Podman runs rootless (without some other exploit or weak password).

        The filesystem itself is also read-only.

        /dev/nvme0n1p4 on /sysroot type xfs (ro)
        /dev/nvme0n1p4 on /usr type xfs (ro)
        /dev/nvme0n1p3 on /boot type ext4 (ro)
        
        • @myersguyA
          link
          English
          5
          edit-2
          4 months ago

          An attacker escaping from a container can’t be system root as Podman runs rootless (without some other exploit or weak password).

          That would be true of podman running anywhere, and is not unique to an immutable distribution.

          The filesystem itself is also read-only.

          You can change that real quick if you have root access.

          • @asap@lemmy.world
            link
            fedilink
            English
            1
            edit-2
            4 months ago

            edit: “Immutable” means “all of them are the same”, not “unchangeable”.

            You sound confident, but the fact that Fedora is using the term “immutable” makes me wonder if you actually have domain expertise here.

            Immutable means immutable. It would be strange for them to call it that if it actually means “completely irrelevant from a security perspective”.

            Unless you provide some evidence to the contrary I’m going to assume you aren’t correct.

            • @superkret@feddit.org
              link
              fedilink
              English
              64 months ago

              The immutability isn’t designed to protect against a malicious attacker with root access.
              Any system is fucked if that happens.
              It’s designed to reduce the workload of the maintainers, because they effectively only need to test and build for one standard image.

              • @asap@lemmy.world
                link
                fedilink
                English
                34 months ago

                Makes sense. An “immutable” distro provides no additional security benefit, however CoreOS does have a reduced attack surface area compared to other distros, which itself is a benefit.

            • @myersguyA
              link
              English
              24 months ago

              Someone with root can run ostree admin unlock --hotfix to make /usr writable. Someone with root can also delete all restore points.

              It would be strange for them to call it that if it actually means “completely irrelevant from a security perspective”.

              See the comment by superkret.

              • @asap@lemmy.world
                link
                fedilink
                English
                14 months ago

                While you are correct, any system is compromised if you have root, so isn’t that irrelevant at that point?

                • @myersguyA
                  link
                  English
                  1
                  edit-2
                  4 months ago

                  While you are correct, any system is compromised if you have root, so isn’t that irrelevant at that point?

                  The original context for the comment chain was:

                  Because even if an attacker could gain access even as root he cannot modify system files.

                  So no, it’s completely relevant.

                  • @asap@lemmy.world
                    link
                    fedilink
                    English
                    14 months ago

                    My comment in the comment chain was:

                    An attacker escaping from a container can’t be system root as Podman runs rootless (without some other exploit or weak password).

                    We could give the op the benefit of the doubt and thinking that they were saying that the attacker inside the container managed to gain root inside the container.

              • @aordogvan@lemmy.worldOP
                link
                fedilink
                English
                1
                edit-2
                4 months ago

                While what you’re saying is theoretically true, don’t forget that as far as I know, most attacks are perpetrated by bots. And while it is true that in a fedora based version one could run ostree admin unlock etc… this particular command would need to be included in the attack script.

                Now if the script has to be modified to include all possible different immutable systems that could possibly run it would increase the complexity and most importantly the size of said script making it easier to detect.

                I’m not saying that its a bulletproof method, I’m just saying that by itself it greatly minimizes the risk, at least until all servers run immutable systems. And even then it still complicates matters for potential attackers quite a bit. So therefore reducing or at least greatly minimizing the potential of the system being compromised.

                • @myersguyA
                  link
                  English
                  14 months ago

                  Because even if an attacker could gain access even as root he cannot modify system files.

                  Your comment was already from the position of if an attacker could gain root access. My responses were to that directly, and nothing else.

    • Possibly linux
      link
      fedilink
      English
      2
      edit-2
      4 months ago

      Wait, why wouldn’t they? They could wipe the entire disk if they so choose