On 2020-02-24 15:57, H wrote:> On 02/24/2020 12:42 PM, Roberto Ragusa wrote: >> On 2020-02-24 14:37, lejeczek via CentOS wrote: >>> >>> >>> On 24/02/2020 10:26, Roberto Ragusa wrote: >>>> On 2020-02-24 10:51, lejeczek via CentOS wrote: >>>>> g) remember!! still at least (depending how you mount it) >>>>> the 'root' will have access to that data while mounted, >>>>> obviously! >>>> >>>> More than that: the root user will be able to access data >>>> in the future too, since it can steal the key >>>> while the data is mounted. >>>> >>>> Regards. >>>> >>> With a passphare only? >> >> Attackers don't need the passphrase, they can use the >> real key used for encryption (dmsetup table). >> >> Regards. >> > So the final word seems to be that even if I create this LUKS-encrypted loop-back file and only mount it when needed, immediately un-mount when no longer needed, a root user can access this encrypted file system while it is mounted, and perhaps more importantly, even when it is not mounted since they can get the key as described above? > > My reputable VPS hosting provider in Europe of course outsources some of the support to other countries. While I have no immediate suspicion that they access files on my VPS, I also have no way of finding out, nor of protecting myself - apart from not putting "sensitive" files on the VPS or encrypting files before uploading them. > > If I upgrade to a dedicated server I expect that I will be the root user but will the hosting company still have access to my server? >Whoever has physical access to the machine can have everything. In the past I was phrasing it "nothing can stop the guy with the screwdriver". Do not take the screwdriver literally, of course. Valeri -- ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
On 02/24/2020 05:02 PM, Valeri Galtsev wrote:> > > On 2020-02-24 15:57, H wrote: >> On 02/24/2020 12:42 PM, Roberto Ragusa wrote: >>> On 2020-02-24 14:37, lejeczek via CentOS wrote: >>>> >>>> >>>> On 24/02/2020 10:26, Roberto Ragusa wrote: >>>>> On 2020-02-24 10:51, lejeczek via CentOS wrote: >>>>>> g) remember!! still at least (depending how you mount it) >>>>>> the 'root' will have access to that data while mounted, >>>>>> obviously! >>>>> >>>>> More than that: the root user will be able to access data >>>>> in the future too, since it can steal the key >>>>> while the data is mounted. >>>>> >>>>> Regards. >>>>> >>>> With a passphare only? >>> >>> Attackers don't need the passphrase, they can use the >>> real key used for encryption (dmsetup table). >>> >>> Regards. >>> >> So the final word seems to be that even if I create this LUKS-encrypted loop-back file and only mount it when needed, immediately un-mount when no longer needed, a root user can access this encrypted file system while it is mounted, and perhaps more importantly, even when it is not mounted since they can get the key as described above? >> >> My reputable VPS hosting provider in Europe of course outsources some of the support to other countries. While I have no immediate suspicion that they access files on my VPS, I also have no way of finding out, nor of protecting myself - apart from not putting "sensitive" files on the VPS or encrypting files before uploading them. >> >> If I upgrade to a dedicated server I expect that I will be the root user but will the hosting company still have access to my server? >> > > Whoever has physical access to the machine can have everything. In the past I was phrasing it "nothing can stop the guy with the screwdriver". Do not take the screwdriver literally, of course. > > Valeri >Well, the scenario with a screw driver I can live with but not other types of access...
On 02/25/2020 12:44 AM, H wrote:> On 02/24/2020 05:02 PM, Valeri Galtsev wrote: >> >> On 2020-02-24 15:57, H wrote: >>> On 02/24/2020 12:42 PM, Roberto Ragusa wrote: >>>> On 2020-02-24 14:37, lejeczek via CentOS wrote: >>>>> >>>>> On 24/02/2020 10:26, Roberto Ragusa wrote: >>>>>> On 2020-02-24 10:51, lejeczek via CentOS wrote: >>>>>>> g) remember!! still at least (depending how you mount it) >>>>>>> the 'root' will have access to that data while mounted, >>>>>>> obviously! >>>>>> More than that: the root user will be able to access data >>>>>> in the future too, since it can steal the key >>>>>> while the data is mounted. >>>>>> >>>>>> Regards. >>>>>> >>>>> With a passphare only? >>>> Attackers don't need the passphrase, they can use the >>>> real key used for encryption (dmsetup table). >>>> >>>> Regards. >>>> >>> So the final word seems to be that even if I create this LUKS-encrypted loop-back file and only mount it when needed, immediately un-mount when no longer needed, a root user can access this encrypted file system while it is mounted, and perhaps more importantly, even when it is not mounted since they can get the key as described above? >>> >>> My reputable VPS hosting provider in Europe of course outsources some of the support to other countries. While I have no immediate suspicion that they access files on my VPS, I also have no way of finding out, nor of protecting myself - apart from not putting "sensitive" files on the VPS or encrypting files before uploading them. >>> >>> If I upgrade to a dedicated server I expect that I will be the root user but will the hosting company still have access to my server? >>> >> Whoever has physical access to the machine can have everything. In the past I was phrasing it "nothing can stop the guy with the screwdriver". Do not take the screwdriver literally, of course. >> >> Valeri >> > Well, the scenario with a screw driver I can live with but not other types of access... >I spoke with my hosting company where I also have a Hosted VMWare server running CentOS 7. The person I spoke with said that if I change the root password, this would prevent any support person from logging in. I, as the root, would be the only one (assuming, of course, they have not created any other users). Were I to need support in the future, I would have to give it to them since they would otherwise not be able to log in. I presume I can already look at the logs to seen when and from where the root user have logged in. They also claimed, which I have yet to understand what she meant, that even if they have the root password I can protect directories and their contents. I did not understand what she meant and she could not give me any further information. Does anyone understand what she might refer to?