"The PAM Duress is a module designed to allow users to generate 'duress' passwords that, when used in place of their normal password, will execute arbitrary scripts.

This functionality could be used to allow someone pressed to give a password under coercion to provide a password that grants access but in the background runs scripts to clean up sensitive data, close connections to other networks to limit lateral movement, and/or to send off a notification or alert (potentially one with detailed information like location, visible wifi hotspots, a picture from the camera, a link to a stream from the microphone, etc). You could even spawn a process to remove the pam_duress module so the threat actor won't be able to see if the duress module was available.

This is transparent to the person coercing the password from the user, as the duress password will grant authentication and drop to the user's shell.

Duress scripts can be generated on an individual user basis or generated globally. Users can also re-use global duress passwords to sign their own duress scripts (rare instance where this could actually be useful from a security perspective)."

Found on HN - https://news.ycombinator.com/item?id=28267975
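To make the mechanism quoted above concrete, here is an added example (not code from pam_duress or its author) of the decision a duress-aware authenticator has to make: the real password grants access and does nothing else, a duress password grants access *and* returns the scripts to run, anything else is denied. The hashing scheme (PBKDF2-SHA256), the data layout, the user names, passwords and script paths are all assumptions made for illustration. Two details a practitioner would want are included: every stored hash is checked on every attempt, so the duress path takes the same time as a normal login and cannot be told apart by timing, and an unknown user still costs one hash so user enumeration is not cheaper than a wrong password.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Illustrative work factor; a real deployment would tune this to the host.
PBKDF2_ITERATIONS = 100_000
_DUMMY_SALT = b"\x00" * 16  # used only to keep unknown-user timing flat


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a fixed-length tag from a password (assumed scheme, not pam_duress's)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


@dataclass
class DuressEntry:
    salt: bytes
    digest: bytes
    script: str  # path of the script to run when this password is used (assumed path)


@dataclass
class UserRecord:
    salt: bytes
    digest: bytes  # hash of the user's real password
    duress: list = field(default_factory=list)  # per-user duress entries


@dataclass
class AuthResult:
    granted: bool
    duress_scripts: list  # empty for a normal login; non-empty for a duress login


def new_entry(password: str, script: str) -> DuressEntry:
    salt = os.urandom(16)
    return DuressEntry(salt, hash_password(password, salt), script)


def new_user(password: str, duress: list) -> UserRecord:
    salt = os.urandom(16)
    return UserRecord(salt, hash_password(password, salt), duress)


def _matches(password: str, salt: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(hash_password(password, salt), digest)


def authenticate(user: str, password: str, users: dict, global_duress: list) -> AuthResult:
    rec = users.get(user)
    if rec is None:
        # Burn one hash so an unknown user is not distinguishable by timing.
        _matches(password, _DUMMY_SALT, b"\x00" * 32)
        return AuthResult(False, [])

    # Evaluate every comparison unconditionally: a normal login and a duress
    # login then do identical work, so the person watching cannot time the difference.
    real_ok = _matches(password, rec.salt, rec.digest)
    matched = [e.script for e in rec.duress + global_duress
               if _matches(password, e.salt, e.digest)]

    if real_ok:
        return AuthResult(True, [])          # normal login, no side effects
    if matched:
        return AuthResult(True, matched)     # duress login: grant access, run scripts
    return AuthResult(False, [])


def build_demo():
    """Constructed sample data for the example; none of these are real credentials."""
    users = {
        "alice": new_user("correct horse",
                          [new_entry("battery staple", "/home/alice/.duress/wipe-keys.sh")]),
        "bob": new_user("hunter2", []),
    }
    # A global duress password applies to every user.
    global_duress = [new_entry("open sesame", "/etc/duress.d/alert-and-disconnect.sh")]
    return users, global_duress


if __name__ == "__main__":
    users, global_duress = build_demo()
    for who, pw in [("alice", "correct horse"), ("alice", "battery staple"),
                    ("bob", "open sesame"), ("bob", "battery staple"), ("mallory", "x")]:
        print(who, pw, "->", authenticate(who, pw, users, global_duress))
```

In a real PAM module the `granted` flag maps onto PAM_SUCCESS or PAM_AUTH_ERR, and the returned scripts would be spawned detached (as the user, or as root if cleanup needs it) so the login proceeds to the shell exactly as a normal one does; the example returns the list instead of executing anything so it can be run and checked offline.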

  • Helix 🧬@feddit.de · 3 years ago

    absolute security doesn’t exist. It’s more a matter of what you’d like to hedge against

    Yes, threat models are important and security is not a state, but a process.