This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | Next revision Both sides next revision | ||
other:win10wsl [2022/09/07 09:42] jypeter [Advanced usage] Started the security section |
other:win10wsl [2022/09/07 11:59] jypeter [WSL security WARNING] Improved |
||
---|---|---|---|
Line 988: | Line 988: | ||
===== Advanced usage ===== | ===== Advanced usage ===== | ||
- | ==== WSL security WARNING ==== | + | ==== WSL security WARNING! ==== |
- | A regular Linux installation (on a Linux-only computer) is fairly secure, but a Linux installation on WSL is not secure at all, by design. WSL+Linux is designed to allow you to easily use Linux on Windows, including easily using the Linux root account without having to know any password of the Linux installation! | + | <WRAP center round important 60%> |
+ | A regular Linux installation (on a Linux-only computer) is fairly secure,\\ but a Linux installation on WSL is not secure at all, **by design** | ||
+ | </WRAP> | ||
- | This is not a security issue, because your installation is protected by your Windows account security | + | WSL+Linux is designed to allow you to easily use Linux on Windows, including **very easily using the Linux root account without knowing any password** of the Linux installation! |
- | You should still be aware that: | + | <code>PS C:\Users\your_login> wsl |
+ | wsl_default_user@your_machine:/mnt/c/Users/your_login$ whoami | ||
+ | wsl_default_user | ||
+ | |||
+ | PS C:\Users\your_login> wsl -u root | ||
+ | root@your_machine:/mnt/c/Users/your_login# whoami | ||
+ | root</code> | ||
+ | |||
+ | This is **a feature and not a security issue**, because your installation is protected by your Windows account security | ||
+ | |||
+ | You should be aware (and act accordingly) that: | ||
* Somebody gaining access to your Windows account will also have full access to the Linux installation | * Somebody gaining access to your Windows account will also have full access to the Linux installation | ||
- | * Always make sure that only you can access your Windows account. And your LSCE Windows laptop will be encrypted with bitlocker | + | * <wrap hi>Do not use an existing password for the WSL Linux account</wrap> |
- | * somebody gaining access to a backup of your Linux installation will easily have access to the Linux installation | + | * Storing data in the Linux part of your computer does not add any extra security |
- | * You can save your backup to an external disk encrypted with bitlocker | + | * Always **make sure that only you can access your Windows account** |
+ | * Your LSCE Windows laptop (not your desktop) is encrypted with [[https://docs.microsoft.com/en-us/windows/security/information-protection/Bitlocker/bitlocker-overview|BitLocker]], which adds some extra security | ||
+ | |||
+ | * Somebody gaining access to a backup of your Linux installation will easily have access to the Linux installation itself | ||
+ | * You can store your Linux installation backup to [[https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-to-go-faq|an external disk encrypted with BitLocker]] | ||
==== Creating a backup ==== | ==== Creating a backup ==== | ||