security by obscurity

Post#1 by super.baf-baf » 24 Jun 2015, 10:40

Looking for a kiosk linux distro I found porteus-kiosk and I am really very happy with it. It is fast, modular and simple to use. I will want to customize it a bit to better fit my needs, but with all the work you have already done it will be easy.

But actually I decided to post here to let you know about something I don’t like about porteus-kiosk, namely its security by obscurity approach. It gives end users a false sense of security. Plus it puts you in an awkward position, where you have to violate GPL rules.
It took me a while to figure it out, but in the end it wasn’t hard to extract the shell scripts out of the binary blobs and get the encryption scheme. With physical access to installed files there is no way you can prevent people from modifying the system or stealing config data. In my opinion developing such convoluted mechanisms is a waste of time, may lead to hidden security issues and it creates obstacles for legitimate users.
If you care for passwords you could store them in the config file in a hashed form, couldn’t you? All the other data is not really sensitive. Also note that config files (or whole packages) may be intercepted/modified during remote updates, as kiosk scripts do not validate https certificates.

Just my two cents…

Anyway, thanks a lot for this distro!
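
The suggestion in the post above, keeping only a salted password hash in the config file, as an added example that is not part of the original post and is not Porteus Kiosk code. The key name `admin_password_hash`, the `key=value` layout and the sample values are assumptions constructed for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os

ITERATIONS = 600_000          # PBKDF2-HMAC-SHA256 work factor
KEY = "admin_password_hash"   # hypothetical config key, not a real kiosk parameter


def hash_password(password: str, salt: bytes | None = None) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def parse_config(text: str) -> dict[str, str]:
    """Parse key=value lines, skipping blanks and # comments."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        entries[key.strip()] = value.strip()
    return entries


def verify_password(config_text: str, candidate: str) -> bool:
    """Check a candidate against the stored hash; fail closed on malformed input."""
    stored = parse_config(config_text).get(KEY, "")
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        actual = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, int(iterations))
    except (ValueError, OverflowError):
        return False
    return hmac.compare_digest(actual, expected)  # constant-time comparison


# Constructed sample config: the plaintext password never appears in it.
SAMPLE_CONFIG = (
    "# constructed example\n"
    "homepage=https://example.org\n"
    f"{KEY}={hash_password('correct horse')}\n"
)
```

Hashing only protects the password value from being read out of the file; anyone who can write to the file can still replace the hash. It also applies only to passwords the system verifies itself, not to credentials it has to present to another service.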


Re: security by obscurity

Post#2 by fanthom » 11 Aug 2015, 14:28

Hello super.baf-baf,

"With physical access to installed files there is no way you can prevent people from modifying the system or stealing config data."
Yes - if users have access to the files then they can modify the system easily. We even provide documentation on how to do this:
http://porteus-kiosk.org/kiosk-customization.html
An advanced user could replace Porteus Kiosk with Fedora :)
The only solution is to not give the users physical access to the files. This applies to pretty much every system out there, no matter which encryption techniques are being used.

"Also note that config files (or whole packages) may be intercepted/modified during remote updates, as kiosk scripts do not validate https certificates."
Must think about this twice before forcing https validation. Some users may use self-signed certificates for protecting their remote configs in a local network where security is not a top priority. The positive thing is that kiosk configs are decentralized and can be stored anywhere in the world rather than in a single place: porteus-kiosk.org website. It's rather hard to track them and this is the strength of the project which our competition is lacking.
EDIT:
This issue is resolved now as configs can be stored directly on Porteus Kiosk Server which uses SSL and SSH tunnels for transporting the files.

BTW: next time if you find some security issues with kiosk please report them to support@porteus-kiosk.org rather than posting on the forum. This way we'll have a chance to fix them before they are revealed to the public. This is a common security practice. Please have a look at the entries labelled as 'kiosk security fix' up here:
http://porteus-kiosk.org/changelog-auto ... tml#150619

Thank you for your feedback.
Please add [Solved] to your thread title if the solution was found.
