I would like to forward descriptions of Debian security flaws. The author of the comments is dmknght, one of the devs of one of the Linux, Debian-like distributions: Parrot OS, which you have perhaps heard about.
On the distro forum page there is a topic called "Linux insecurity. Opinions", which you can find at:
https://community.parrotsec.org/t/linux ... ions/18379
Let me go ahead and paste them here.
Perhaps the devs could find something interesting to implement in the new Debian 2021 distribution.
Yes, Linux has security problems by design. The X11 server allows any process to capture keyboard events of other processes, which leads to keylogging (check Xspy).
The package installer of Debian, `dpkg` (I haven't tested any other installers, so I can't say), can silently infect the system with malicious scripts/binaries as root.
Here is my walkthrough, "Infect target with .deb package 1": https://community.parrotsec.org/t/infec ... kage/18112 In this case, macOS has a feature that verifies packages and warns users about untrusted packages, so at least it has "something", and Debian has nothing.
This tool allows attackers to dump passwords from RAM: GitHub - huntergregal/mimipenguin,
a tool to dump the login password from the current Linux user: https://github.com/huntergregal/mimipenguin
According to the Readme:
"A tool to dump the login password from the current linux desktop user. Adapted from the idea behind the popular Windows tool mimikatz. This was assigned CVE-2018-20781 (https://cve.mitre.org/cgi-bin/cvename.c ... 2018-20781). Fun fact: it's still not fixed after GNOME Keyring 3.27.2 and still works as of 3.28.0.2-1ubuntu1.18.04.1."
On Linux, you have unknown interpreters, and a known interpreter could allow a process to create a reverse shell and a pty shell. For example the expect command (https://stackoverflow.com/a/45130404), `tsh shell`, … and you barely know about them, or you don't even know they are in your system.
For example, sudo could be a sink hole (idk if I am using this word correctly). A setup of non-root users + daemon users + root users is always harder to get privs in than daemon users + sudo users + root users.
Parrot OS has some preinstalled tools to protect privacy and encrypt data. encryptpad isn't in the Debian repo, neither is anonsurf, and some tools are not preinstalled. But it also means there are more places where 0-days could be exploited.
Debian doesn't have as many preinstalled packages compared with Parrot. So, again, it has less attack surface.
Parrot could add some more hardening rules, sandbox solutions (again, but more stable), or even a preinstalled AV, but security is an illusion. Nothing is perfect. (Yeah, I'm still having the idea of creating a new open source AV.)
Now for the super insecure point of Parrot, but that wasn't the Parrot team's fault:
1. This is a command injection in `searchsploit`, the exploitdb search command. In the real world the attack impact is not so high, but it is an example of how all tools can have vulnerabilities and you don't know which ones in your system have them: "Command injection in exact search (version 4.1.3)" ·
Issue #189 · offensive-security/exploitdb · GitHub https://github.com/offensive-security/e ... issues/189
2. The package Xspy, an X11 keylogger, is preinstalled in the Security edition and it has EXECUTABLE PERMISSION AND ANY USER ON THE SYSTEM CAN EXECUTE IT. That means if you are attacked by any attacker that has a daemon user, they can execute it and get your user's password. And I have to mention again, Parrot uses sudo, so if they can capture your sudo, yep, the whole system is fucked. I don't know why they package the binary like that. I fixed the permission to 700 and moved the binary to `/usr/share/` instead of `/usr/bin/` so it is no longer executable by any user. The same story goes for other packages that are used on the target's machine only.
There is another thread on this topic: "ParrotOS hardening" https://community.parrotsec.org/t/parro ... g/11649/15
which references some options; let me post them here briefly:
* We can have the security-misc package from Whonix pre-installed
- https://github.com/Whonix/security-misc/
- https://www.whonix.org/wiki/Security-mi ... g_Features
* Last but not least, I recommend maybe the pre-installation of LKRG (Linux Kernel Runtime Guard)
- https://www.openwall.com/lkrg/
- https://www.whonix.org/wiki/Linux_Kerne ... Guard_LKRG
- Looks neat, but the project is run by one man, who has a full-time job. I'm not saying his project is bad; moreover, I had some similar ideas to the Protected Features he was talking about (old users remember my posts) https://www.youtube.com/watch?v=tOiPM692DOM
* CIS Benchmarks - Securing Debian Linux - This document provides prescriptive guidance for establishing a secure configuration posture for Debian Linux 9 systems running on x86 and x64 platforms.
- https://www.cisecurity.org/benchmark/debian_linux/
- https://nvd.nist.gov/ncp/checklist/887
* Securing Debian Manual 3.19, 2017
- https://www.debian.org/doc/manuals/secu ... ex.en.html
***
This short document was put together with the vision of sharing the perspective of some other developers in discussing elements of system security integrity, as you cannot be everywhere while working hard on all other areas of your development activities. Let me take this opportunity to thank you for your tireless work, with the hope that at least some parts of the above text might be of help to you in your upcoming work.