> Finally the vast majority of Linux systems are single user. That means
> Android phones/tablets and desktop PCs running GNOME, KDE, etc.
> There is no need to compromise init.
systemd takes care of Linux containers, which provide (or can provide) user/application separation. A flaw in this leaves you with a false sense of security, if you use it.
That is actually quite critical.
After all, I still have not come up with something explaining Linux containers and security as clearly as the jail(8) manpage states:
and it gives me the impression: do not rely on Linux containers, you have to add other measures to make it safe (no root user, SELinux, capabilities, etc.).
There is nothing wrong with adding additional layers, of course. But the basic design is maybe not as good if I have to rely on these additions.
Until now I am not convinced that I have a similarly clear process separation to what I have with FreeBSD's jail. Which makes Docker containers a bit of a gamble I am not willing to take when it comes to security.
(Additional comments very welcome... at the moment I just don't know better.)
"The attack works by grabbing the password token, a small file that sits on a user's devices for convenience (which saves the user from entering their password each time)."
Taking away 'convenience' (yes, it is convenient for attackers to have access to private keys without a password ;-)
... this is easily preventable if you run a DropBox service (or whatever) in a jail, and other apps as well, with a clear separation of data for all running services.
So, we (technicians) know how to do it... Question: why does it not work that way?
Regards
Peter
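As an added illustration of the per-service jail layout the post argues for (one jail per application, each with its own filesystem root and address, so a token file stored by one service is not reachable from another), here is a jail.conf(5) fragment. It is an example written for this page, not configuration from the post or from any project; the jail names, paths, hostnames and loopback addresses are assumptions.

```conf
# Added example, not from the post. One jail per service, each with its own
# root directory, hostname and address. A token sitting in one jail's
# filesystem is not visible to processes in the other jail.
# Jail names, paths and addresses below are assumptions.

# Defaults applied to every jail defined in this file
path = "/usr/jails/$name";        # separate root per jail
host.hostname = "$name.example";  # assumed hostname scheme
mount.devfs;                      # minimal /dev inside the jail
exec.clean;                       # clean environment for rc scripts
exec.start = "/bin/sh /etc/rc";
exec.stop  = "/bin/sh /etc/rc.shutdown";
allow.raw_sockets = 0;            # no raw sockets
allow.mount = 0;                  # no mounting from inside
enforce_statfs = 2;               # only the jail's own mount is visible

# Sync client that stores its own token/data under /usr/jails/syncclient
syncclient {
    ip4.addr = 127.0.1.10;        # assumed loopback alias
    securelevel = 3;
}

# Unrelated application; cannot read /usr/jails/syncclient
webapp {
    ip4.addr = 127.0.1.20;        # assumed loopback alias
    securelevel = 3;
}
```

Start a jail with `jail -c syncclient` and list it with `jls`; a process inside `syncclient` sees `/usr/jails/syncclient` as `/` and has no path to the `webapp` tree, which is the data separation the post refers to. The loopback aliases must exist on the host before the jails start.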