Security - Privilege escalation attacks? #957

Open
t3dium opened this issue Sep 14, 2024 · 3 comments

t3dium commented Sep 14, 2024

Under "a note on security" you say:

> This package is in no way as secure as a password and will never be. Although it's harder to fool than normal face recognition, a person who looks similar to you, or a well-printed photo of you could be enough to do it. Howdy is a more quick and convenient way of logging in, not a more secure one.

I think the issue that's currently mentioned isn't particularly significant as it would require the laptop to be stolen in a running state. Which wouldn't be an issue if the laptop were powered off and encrypted with LUKS, as you still need the LUKS password. If it weren't encrypted to begin with, then the device was already insecure if stolen.

However, I think there's a far more significant risk that comes with using howdy: the fact that it removes any need for manual authentication, as you aren't manually typing a password; it automatically authenticates you. The danger with this is that any app can just elevate to root and compromise your system to a much greater extent, with the only requirement being that you have to be sitting in front of your computer. This makes malware or RCE vulnerabilities much more dangerous than they would've otherwise been.

I think to address this problem, howdy should require the user to manually enter a keybinding before it proceeds with authentication. The setting which configures this keybind would also ideally be stored in an area which programs cannot read without root privileges.

At the moment, using howdy is just as insecure as not having a password configured, no? At least in the attack scenario described and not in the event that someone steals your running laptop.


popy2k14 commented Nov 4, 2024

That's really a security concern!
Is there a solution, so we can force the need of an additional key? (Like on Windows Hello?)

Owner

boltgolt commented Nov 4, 2024

Take a look at rubberstamps in v3, they add an optional step after authentication like nodding for auth and shaking for deny


popy2k14 commented Nov 4, 2024

@boltgolt that would be a good way, but better would be just a simple dialog which you have to confirm when you want to confirm the authentication. Like the UAC dialog in Windows.
IDK if this can be done in a pam so module.

With this workaround: #945 (comment)
you have to press "enter" (with an empty PW) to start howdy face recognition.
But as stated in the comment, you can simply trick this and escalate with an "echo".

Any ideas how to make howdy usage/integration safer but keep "convenience"?

PS.: I know that face authentication is per se "insecure", but without confirming "authentication" it's MUCH more insecure than it could be.
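
An added example, not part of this thread or of Howdy's code: one way to check the exposure raised in the opening comment is to audit which PAM services can be satisfied by face recognition alone on a privilege-escalation path, following `@include` and `include`/`substack` references. The service list, the sample files, and matching on the substring `howdy` are assumptions made for illustration.

```python
import re

# Assumption: services where an unattended auth success yields root.
ESCALATION_SERVICES = {"sudo", "su", "polkit-1"}
# Controls that let a module succeed on its own and skip the password prompt.
BYPASS = re.compile(r"sufficient$|\[.*\bsuccess=(done|\d+)")

def howdy_rules(service, files, seen=None):
    """Return [(file, control)] for howdy auth rules reachable from `service`."""
    seen = set() if seen is None else seen
    if service in seen or service not in files:
        return []
    seen.add(service)  # guards against include loops
    found = []
    for raw in files[service].splitlines():
        line = raw.split("#", 1)[0].strip()
        inc = re.match(r"@include\s+(\S+)", line)
        rule = re.match(r"-?auth\s+(\[[^\]]*\]|\S+)\s+(.+)", line)
        if inc:  # Debian-style include of another service file
            found += howdy_rules(inc.group(1), files, seen)
        elif rule:
            control, rest = rule.groups()
            if control in ("include", "substack"):
                found += howdy_rules(rest.split()[0], files, seen)
            elif "howdy" in rest:  # assumption: module path or args mention howdy
                found.append((service, control))
    return found

def audit(files):
    """Map each escalation service to howdy rules that bypass the password."""
    report = {}
    for svc in sorted(s for s in ESCALATION_SERVICES if s in files):
        hits = [(f, c) for f, c in howdy_rules(svc, files) if BYPASS.match(c)]
        if hits:
            report[svc] = hits
    return report

# Constructed sample of /etc/pam.d contents (not taken from any real system).
SAMPLE = {
    "common-auth": "auth sufficient pam_howdy.so\n"
                   "auth [success=1 default=ignore] pam_unix.so nullok\n"
                   "auth requisite pam_deny.so\n",
    "sudo": "# sudo service\n@include common-auth\n@include common-account\n",
    "polkit-1": "auth include system-auth\n",
    "system-auth": "auth required pam_unix.so\n",
    "su": "auth required pam_howdy.so\nauth required pam_unix.so\n",
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

In the sample, `sudo` is flagged because it inherits a `sufficient` howdy rule from `common-auth`, while `su` is not, since `required` still demands the password afterwards.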
