On 2020-08-28 20:29, Grant Taylor wrote:
> On 8/28/20 6:10 PM, Michael Orlitzky wrote:
>> I think I see where we're diverging: I'm assuming that the employees of
>> the VPS provider can hop onto any running system with root privileges.
>
> Perhaps I'm woefully ignorant, but my current working understanding
> is that ... They still need to connect to a terminal (be it console or
> serial or ssh or other), log in (with credentials that they should
> not have) and access things that way.
>
> I'm actually not encrypting the full VM. I have an encrypted disk. The
> VM boots like normal, I log in, unlock the encrypted disk, mount it, and
> start services.
If /etc/passwd, /etc/shadow, and friends aren't encrypted, they can get in pretty easily without credentials. The VPS admins have physical access to the disk -- they could swap out your root password for theirs temporarily, or create a secondary privileged account. And keep in mind that your shell and all of the executables used to decrypt/mount the disk are themselves unencrypted and can be replaced by malware. A lazy attack would be to reboot in single-user mode (bypasses the root password) and then replace your utilities with keyloggers before rebooting again. This might look suspicious to you, but would you really avoid logging into the system ever again because it rebooted once?
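An added example (mine, not code from anyone in the thread) of the defender-side checks this threat model implies, run over constructed sample data: flag extra UID-0 accounts in /etc/passwd, a changed root hash in /etc/shadow, and unlock-chain binaries whose hashes differ from a baseline. It assumes the baseline hashes and expected root hash are kept somewhere the provider cannot quietly rewrite (off-box or on the encrypted volume) and that the check runs from a trusted environment; all paths, names and file bytes below are constructed.

```python
import hashlib

# Constructed sample data standing in for files on the unencrypted root
# filesystem described in the thread; not taken from any real system.
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
    "backup:x:0:0:backup:/root:/bin/bash\n"  # a planted second UID-0 account
    "mjo:x:1000:1000::/home/mjo:/bin/bash\n"
)
SAMPLE_SHADOW = (
    "root:$6$salt$replacedhash:18500:0:99999:7:::\n"
    "daemon:*:18500:0:99999:7:::\n"
    "backup:$6$salt$attackerhash:18500:0:99999:7:::\n"
)
# Unlock tool chain contents at baseline time vs. now (constructed bytes;
# a real check would read these files from disk).
BASELINE_BINARIES = {"/sbin/cryptsetup": b"cryptsetup-v1", "/bin/mount": b"mount-v1"}
CURRENT_BINARIES = {"/sbin/cryptsetup": b"cryptsetup-v1-trojan", "/bin/mount": b"mount-v1"}

def uid0_accounts(passwd_text):
    """Login names with UID 0 other than root (a planted privileged account)."""
    found = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2] == "0" and fields[0] != "root":
            found.append(fields[0])
    return found

def root_hash_changed(shadow_text, expected_hash):
    """True if root's password hash field differs from the known-good value."""
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if fields[0] == "root":
            return fields[1] != expected_hash
    return True  # no root entry at all also counts as tampering

def manifest(files):
    """Map path -> sha256 of content; the baseline copy must live off-box."""
    return {p: hashlib.sha256(c).hexdigest() for p, c in files.items()}

def changed_binaries(baseline, current):
    """Paths whose current hash is missing or differs from the baseline."""
    return sorted(p for p, h in baseline.items() if current.get(p) != h)

if __name__ == "__main__":
    print("extra UID-0:", uid0_accounts(SAMPLE_PASSWD))
    print("root hash changed:", root_hash_changed(SAMPLE_SHADOW, "$6$salt$originalhash"))
    print("tampered:", changed_binaries(manifest(BASELINE_BINARIES), manifest(CURRENT_BINARIES)))
```

Run from a known-good environment these three checks catch the lazy attack described above; run from the possibly-tampered system itself, they can only tell you what a trojaned shell lets them see.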