Possible attack vectors for Linux as single-user desktop system

Çağlar Arlı

I am aware of https://security.archlinux.org/ which includes recent CVEs related to official packages, and I also read about the general security recommendations in the Arch Wiki.

This question is about practical real-life examples of previous security vulnerabilities that Linux has been affected with. The CVEs listed in ASA are of course useful to know about, but I want to see how they can be leveraged by an attacker. Here are some examples, and what I learned from them:

  • Shellshock (CVE-2014-6271, CVE-2014-7169): your shell is a huge attack vector. Review your zsh plugins, use only trusted plugins, and keep them minimal.
  • BlueBorne (CVE-2017-1000251, CVE-2017-1000250): start the Bluetooth service manually, and prefer a wired headset, mouse, and keyboard over wireless ones.
  • Grub2 BootHole (CVE-2020-10713): grub is bloated. Use a minimal bootloader.
  • CVE-2021-3156 (Baron Samedit): use doas.
  • Microsoft Follina: PDFs and documents are a big attack vector. While not a Linux-related vulnerability, it reminded me to be cautious with document files. As an alternative, MS Office files can be uploaded to Google Drive and viewed there, or converted with a tool like Pandoc or soffice. Also, PDF viewers can be hardened in settings, or even better, sandboxed (see the Zathura seccomp filter).
  • File previewers: The Follina vulnerability was so terrible that it was executed even without launching office. Simply by having the side preview panel, the previewer executed the vulnerability. If you're using a terminal file manager, then you have to check your scope shell script that previews files. See this Wiki section: https://wiki.archlinux.org/title/Lf#Sandboxing_previews
  • Archive files: zip bombs
  • PKGBUILDs: be cautious with random AUR scripts
  • Malicious USBs: see https://wiki.archlinux.org/title/USBGuard

I excluded vulnerabilities that are related to servers or hardware like Spectre, Heartbleed and Downfall. The solution for these is simply keeping your system updated, using a firewall, sandboxing applications, and the rest of the recommendations on the Wiki. Also, assume the Linux machine is a single-user machine.

What are other attack vectors I could be missing?
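The "archive files: zip bombs" and "file previewers" items above meet in one place: a previewer or download hook that opens archives automatically. The check below is an added example (not code from the post or from lf/the Arch Wiki) that reads only a ZIP's central directory and refuses to extract when the declared total size, the overall compression ratio, or nested archives look like a bomb; the caps, the sample archives, and the nested-suffix list are constructed for illustration.

```python
"""Pre-extraction sanity check for ZIP archives (added example, not from the post)."""
import io
import zipfile

# Constructed policy values; tune for your own desktop.
MAX_TOTAL_BYTES = 256 * 1024 * 1024   # refuse archives declaring more than 256 MiB
MAX_RATIO = 100                        # refuse more than 100:1 overall compression
NESTED_SUFFIXES = (".zip", ".jar", ".7z", ".gz", ".xz", ".tar", ".bz2")

def inspect_zip(data: bytes) -> dict:
    """Summarise an archive from its metadata alone; never extract anything.

    The declared sizes are attacker-controlled metadata, so the absolute cap
    and the ratio cap are what protect us, not the archive's honesty.  A real
    bomb may also lie about sizes, which is why extraction itself should run
    with resource limits (e.g. inside a sandbox) even after this check passes.
    """
    reasons = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        declared = sum(i.file_size for i in infos)
        stored = sum(i.compress_size for i in infos) or 1
        nested = [i.filename for i in infos
                  if i.filename.lower().endswith(NESTED_SUFFIXES)]
    ratio = declared / stored
    if declared > MAX_TOTAL_BYTES:
        reasons.append(f"declared size {declared} B exceeds cap {MAX_TOTAL_BYTES} B")
    if ratio > MAX_RATIO:
        reasons.append(f"compression ratio {ratio:.0f}:1 exceeds {MAX_RATIO}:1")
    if nested:
        # Classic bombs (42.zip style) hide their expansion one layer down.
        reasons.append(f"nested archives present: {nested}")
    return {"safe": not reasons, "declared": declared, "stored": stored,
            "ratio": ratio, "reasons": reasons}

def make_sample(name: str, payload: bytes) -> bytes:
    """Build a small in-memory ZIP; constructed test input, not a real file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()

# Constructed samples: a harmless text archive and a bomb-shaped one.
BENIGN = make_sample("notes.txt", b"hello from a harmless archive\n" * 3)
BOMBISH = make_sample("big.bin", b"\0" * (8 * 1024 * 1024))  # 8 MiB of zeros deflates to a few KiB

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("bomb-like", BOMBISH)):
        result = inspect_zip(blob)
        print(label, "ok" if result["safe"] else "REJECT", result["reasons"])
```

Wire `inspect_zip` in front of whatever your previewer or download handler uses to open archives, and treat a rejection as "do not preview", not as a prompt.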