Update: I have come to a decision. Thank you to all who contributed suggestions. Please feel free to keep the discussion going to help others.

  • haui@lemmy.giftedmc.com
    1 year ago

    I'm not that bad at rhetoric either but I avoid it when I can.

    Your argument is empty. Privilege escalation attacks are plain old CVEs that get found, evaluated and fixed. You need access to the phone, mostly in an unlocked state to get anything to work like that, same as with a computer.

    I know a couple of pen testers and I would definitely know if there were large differences between operating systems security-wise.

    • Lemongrab@lemmy.one
      1 year ago

      CVEs often get mislabeled as normal bugs and don't get the attention needed. It also may take a bit for such vulnerabilities to make it downstream.

      A simple privilege escalation attack on basically every system goes as follows: add a function into the bashrc file of a user that runs a script, have the script intercept the user's sudo credentials and pass the command on normally as if it was just the regular sudo command. Now you have root. Nothing here requires privileges beforehand. Anything, be it a script, AppImage, malicious binary, etc. can follow those steps and gain root access by compromising the wheel user. Even without compromising a user, it could simply add a systemd user service that keylogs (keylogging is still possible on Wayland without security hardening).

      A prerequisite of course is getting that file onto the user’s computer. There are a plethora of ways. Simplest way is to learn what applications the user installs, find the weakest link, and compromise them.

      There are of course much more sophisticated and better ways, some of which are detailed in the supporting links I sent. Every security expert and researcher I have talked to can recognize that Linux has an outdated security model. The best links to read would be the hardening guide and “linux isnt secure”.
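
A defender-side check for the two places the comment above names (a shell startup file that redefines sudo, and a systemd user service), as an added example that is not part of any commenter's post. The startup-file list, the command list and the sample input are assumptions; hits are candidates for review, not verdicts (`alias sudo='sudo '` is a common legitimate alias).

```python
import re
from pathlib import Path

# Commands whose shadowing in a shell startup file deserves review (assumed list).
NAMES = "sudo|su|doas|pkexec"
FUNC_RE = re.compile(rf"^\s*(?:function\s+({NAMES})\b|({NAMES})\s*\(\s*\))")
ALIAS_RE = re.compile(rf"^\s*alias\s+({NAMES})=")
RC_FILES = (".bashrc", ".bash_profile", ".bash_aliases", ".profile", ".zshrc")

# Constructed sample input, not taken from the thread.
SAMPLE_RC = """\
alias ll='ls -l'
sudo() { "$HOME/.local/share/wrapper" "$@"; }
function doas { command doas "$@"; }
# sudo() { commented out; }
alias sudo='sudo '
"""

def scan_rc_text(text, source="<rc>"):
    """Return (source, line, kind, command) for definitions shadowing a privileged command."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out definitions are never executed
        func, alias = FUNC_RE.match(line), ALIAS_RE.match(line)
        if func:
            findings.append((source, no, "function", func.group(1) or func.group(2)))
        elif alias:
            findings.append((source, no, "alias", alias.group(1)))
    return findings

def user_unit_commands(home):
    """Return (unit path, ExecStart value) for each per-user systemd service under home."""
    unit_dir = Path(home) / ".config" / "systemd" / "user"
    found = []
    for unit in sorted(unit_dir.glob("*.service")) if unit_dir.is_dir() else []:
        for line in unit.read_text(errors="replace").splitlines():
            if line.strip().startswith("ExecStart="):
                found.append((str(unit), line.strip().split("=", 1)[1]))
    return found

if __name__ == "__main__":
    home = Path.home()
    for name in RC_FILES:
        rc = home / name
        if rc.is_file():
            for hit in scan_rc_text(rc.read_text(errors="replace"), str(rc)):
                print("review rc definition:", hit)
    for unit, cmd in user_unit_commands(home):
        print("review user unit:", unit, "->", cmd)
```
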

      • haui@lemmy.giftedmc.com
        1 year ago

        I did quite some reading in my time, as I mentioned. The methods you are describing are riddled with ifs and buts. The reality is that even online systems aren't hacked if they don't have obvious flaws like passwords in root ssh. On the other hand, tools like John the Ripper can break each and every common encryption given the right circumstances. It's no difference. It's all just marketing.