Linux

59087 readers

1727 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 6 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

nooter692@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz

Running a command only when resuming from the hibernation part of suspend-then-hibernate? (lemmy.ml)

submitted 2 weeks ago by monovergent@lemmy.ml to c/linux@lemmy.ml

9 comments fedilink hide all child comments

In the interest of maximizing battery life, I've set up suspend-then-hibernate on my laptop. Using a discrete window manager, so I have a systemd unit that locks the screen when I close the lid. After an hour, it automatically goes into hibernation.

All is well, until I have to boot up from hibernation. I'm prompted to unlock LUKS, then I'm hit with a redundant lock screen once resumed. I've tried setting up systemd units referencing suspend-then-hibernate.target and hibernate.target, but I can't get it to kill the screen locker when resuming from hibernation only, so I don't have to type in my password twice. Is there any way to have systemd discriminate between the suspend and hibernate parts of suspend-then-hibernate?

you are viewing a single comment's thread
view the rest of the comments

[–] jutty@blendit.bsd.cafe 4 points 2 weeks ago* (last edited 2 weeks ago)

I'm focusing on the lock screen as having one single job to do well: protect the session from any access not granted exclusively through the password.

You posit this as if the attacker and the killing of the lock screen were connected: the attacker can only kill if they already have malware, so "it doesn't matter". But the point is, if the lock screen won't relinquish access upon receiving the kill signal, even if the attacker had compromised this vector, or if there were some other cause behind the lock screen dying, crashing, whatever, access would not be granted in the first place. It stops at that layer.

Thinking in terms of "if they already can access the system, whatever" is different from thinking about security in depth/layers. So its not so much about the cause of the problem, but where you can contain it. This threat (a physical access attacker) is pretty extreme, but if we are going there, then yes, it's not unfeasible to think that they could leverage this weakness to go from a possibly limited shell access to a fully unlocked physical session where you could have unrestricted access to e.g. a browser or unlocked password manager or other in-memory information.

But the two things don't really need to be connected. The lock screen having a secondary way to allow access that does not require the password is a weakness in itself, that the attacker could exploit, but that should not have been there in the first place.