The PAM Duress is a module designed to allow users to generate 'duress' passwords that, when used in place of their normal password, will execute arbitrary scripts.
This functionality could be used to allow someone pressed to give a password under coercion to provide a password that grants access but in the background runs scripts to clean up sensitive data, close connections to other networks to limit lateral movement, and/or to send off a notification or alert (potentially one with detailed information like location, visible Wi-Fi hot-spots, a picture from the camera, a link to a stream from the microphone, etc.). You could even spawn a process to remove the pam_duress module so the threat actor won't be able to see if the duress module was available.
#security #Linux #Arch #Debian
GitHub - nuvious/pam-duress: A Pluggable Authentication Module (PAM) which allows the establishment of alternate passwords that can be used to perform actions to clear sensitive data, notify IT/Security staff, close off sensitive network connections, etc
miki
in reply to diana 🏳️⚧️🦋🌱
One useful addition to this would be a password that does an immediate wipe.
There are situations where that is indeed what you want. While that is extremely conspicuous, if the wipe is irreversible, there isn't much that your captors can do about it afterwards, and it's an option that should be available to users.
For systems that store their disk encryption key in a TPM, you could do this by just destroying the key (though I'm not sure whether PAM would even run in an encrypted disk scenario, I know far too little about how this works on Linux specifically).