I tried Kicksecure for the first time. I found that the terminal gave me sudo su (superuser) access without even asking for a password. A very simple privilege escalation hat lets me access the LUKS password from system memory. WTF? I wanted to try Kicksecure because I saw that it would eventually become Whonix-Host. Is this is a bug?
See the documentation at Login Security. This is an intentional design choice, with rationale explained there.
Hello, friend. Yes, Kicksecure is almost a Whonix host. Your system has a powerful hardening. The main password in your system is disk encryption. Sudo password has weak protection (if you are using a laptop alone). If someone is standing next to you and watching you - they will see you entering your password. Without a password, you are protected from it being intercepted to gain elevated privileges by other users. I was also surprised by lack of a password at first, but its just a habit - like habit of using root. You can install necessary packages and use live mode - there you are safer, its similar to Tails. If you need a password, it’s easy to set up with just one command. Read documentation on Kicksecure website - its very simple and interesting. You will learn a lot about system protection that you did not know before
By the way, a new sandbox has been created and it looks very simple and secure, it works from the kernel GitHub - Zouuup/landrun: Run any Linux process in a secure, unprivileged sandbox using Landlock. Think firejail, but lightweight, user-friendly, and baked into the kernel. Its possible to install it by default and use it in future versions of Kicksecure to run apps with partial or full restrictions
As of the stable version at time of writing (17.2.8.5):
The primary user documentation for passwordless sudo is on the Kicksecure Default Passwords wiki page.
Quote chapter Information / FAQ:
Advantage of setting a user account password:
- Administrative (“root”) rights authentication. (But this is a weak protection. See Prevent Malware from Sniffing the Root Password for a safer procedure.)
The full rationale, developer documentation can be found here:
Versions released higher than 17.2.8.5:
Huge improvement. When the user-sysmaint-split package is installed, account user will no longer have access to privilege escalation tools such as sudo, pkexec by default. Instead, the user needs to boot into sysmaint mode. (An opt-out is available. [1])
User documentation:
Developer documentation:
Written about this also here:
Replace sudo with doas - #35 by Patrick - Development - Whonix Forum
3 posts were split to a new topic: LIVE mode SYSMAINT
I’ve just renamed user mode to user session in the wiki to avoid confusion with “kernel mode” versus “user mode”.