Fully agreed. On almost any atomic distro, /home/user is writeable like usual, so any attacker is able to persist itself by editing ~/.bashrc and putting a binary somewhere.
NixOS is immutable and atomic, but it isn’t image-based.
Immutable simply refers to how the running system configuration can’t be changed by simply putting a file somewhere (e.g. copy a binary to /bin, which is a bad idea).
For example, Fedora Atomic and derivatives are image-based, although they are more flexible than the A/B types like SteamOS.
OpenSUSE MicroOS uses btrfs snapshots to apply updates atomically, and is more flexible than most image-based immutable distros.
Edit: But I don’t think those terms have a single definition, so how would you differentiate these terms?
MPV also supports pipewire.
Good point. I’ll have to stop using immutable and stay with atomic (and declarative).
Interestingly, /bin and /usr/bin are not in PATH by default, so /bin/chewy can only be executed by its path directly and won’t affect the system’s reliability.