|
OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below. |
|
Thread Tools | Display Modes |
|
|||
Can the administrator access to my OpenBSD VM?
Dear OpenBSD users,
My goal is placing my website into a VPS. My concern is administrator access rights to a VM. My question is can a system administrator access to the virtual machine that I rent? For example; There are several entities who offer OpenBSD VMs. If I put my content into one of their VMs, can they read or write my data? Or even-though they are the administrator, can they only create and delete that VM but cannot access my VM's content? |
|
|||
Dear jggimi,
Thank you very much for this detailed explanation. It covered a lot of questions. Quote:
|
|
||||
OpenBSD has two tools to encrypt data-at-rest.
|
|
|||
Dear jggimi,
Thank you for your reply. Above discussion helped me a lot. |
|
|||
The short answer is, yes, a malicious admin at the VPS provider can access everything.
Even encrypted storage has to be decrypted and passed through RAM and CPU to be used. An admin can leverage the hypervisor to read data out of RAM or CPU registers. They could, in theory, use your decryption key out of RAM to read your unlocked encrypted storage. Or, even easier, sniff a password you're sending to the console. Ultimately, you can really only protect data at rest, encrypted storage, when it's not in use and the password or key hasn't been obtained by an attacker. |
|
|||
Dear TronDD,
that's crazy! Thanks a lot for the information. |
|
||||
Gordon, you may have heard of the Intel CPU design flaws known as "Spectre" or "Meltdown". Abusing those flaws could permit an attacking process to learn private information from another process running on the same hardware. This class of attack doesn't require an Evil Cloud Provider, it needs only an Evil Customer.
There is no such thing as perfect security. You can only mitigate risks when you place your data into the hands of, and under the control of, another entity. You cannot eliminate risks entirely. https://en.wikipedia.org/wiki/Spectr..._vulnerability) Last edited by jggimi; 17th December 2022 at 03:14 PM. Reason: clarity, humor |
|
|||
Dear jggimi,
No, I'm sorry, I have never heard them before. Being secure and anonymous must be a crazy luxury. Thank you for your kind explanation. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Forging administrator cookies and crocking crypto ... for dummies | J65nko | News | 1 | 5th November 2014 05:39 PM |
OpenBSD Access Point | varung90 | OpenBSD General | 1 | 2nd July 2014 10:26 AM |
Can't access www.OpenBSD.org | jackthechemist | OpenBSD General | 8 | 15th January 2011 02:59 AM |
Dos batch file administrator privileges required | a6zj6 | Other OS | 1 | 12th June 2009 02:02 PM |
Internet Access Problem OpenBSD 4.3 | alcy | OpenBSD General | 3 | 19th September 2008 06:00 PM |